@albinocrabs/o-switcher 0.1.0

package/dist/chunk-BTDKGS7P.js

@@ -0,0 +1,1777 @@
+// src/config/defaults.ts
+var DEFAULT_RETRY_BUDGET = 3;
+var DEFAULT_FAILOVER_BUDGET = 2;
+var DEFAULT_BACKOFF_BASE_MS = 1e3;
+var DEFAULT_BACKOFF_MULTIPLIER = 2;
+var DEFAULT_BACKOFF_MAX_MS = 3e4;
+var DEFAULT_BACKOFF_JITTER = "full";
+var DEFAULT_ROUTING_WEIGHT_HEALTH = 1;
+var DEFAULT_ROUTING_WEIGHT_LATENCY = 0.5;
+var DEFAULT_ROUTING_WEIGHT_FAILURE = 0.8;
+var DEFAULT_ROUTING_WEIGHT_PRIORITY = 0.3;
+var DEFAULT_MAX_EXPECTED_LATENCY_MS = 3e4;
+var DEFAULT_QUEUE_LIMIT = 100;
+var DEFAULT_GLOBAL_CONCURRENCY_LIMIT = 10;
+var DEFAULT_BACKPRESSURE_THRESHOLD = 50;
+var DEFAULT_CB_FAILURE_THRESHOLD = 5;
+var DEFAULT_CB_FAILURE_RATE_THRESHOLD = 0.5;
+var DEFAULT_CB_SLIDING_WINDOW_SIZE = 10;
+var DEFAULT_CB_HALF_OPEN_AFTER_MS = 3e4;
+var DEFAULT_CB_HALF_OPEN_MAX_PROBES = 1;
+var DEFAULT_CB_SUCCESS_THRESHOLD = 2;
+var DEFAULT_RETRY = 3;
+var DEFAULT_TIMEOUT_MS = 3e4;
+
+// src/config/schema.ts
+import { z } from "zod";
+var BackoffConfigSchema = z.object({
+  base_ms: z.number().positive().default(DEFAULT_BACKOFF_BASE_MS),
+  multiplier: z.number().positive().default(DEFAULT_BACKOFF_MULTIPLIER),
+  max_ms: z.number().positive().default(DEFAULT_BACKOFF_MAX_MS),
+  jitter: z.enum(["full", "equal", "none"]).default(DEFAULT_BACKOFF_JITTER)
+});
+var RoutingWeightsSchema = z.object({
+  health: z.number().default(DEFAULT_ROUTING_WEIGHT_HEALTH),
+  latency: z.number().default(DEFAULT_ROUTING_WEIGHT_LATENCY),
+  failure: z.number().default(DEFAULT_ROUTING_WEIGHT_FAILURE),
+  priority: z.number().default(DEFAULT_ROUTING_WEIGHT_PRIORITY)
+});
+var CircuitBreakerConfigSchema = z.object({
+  failure_threshold: z.number().int().positive().default(DEFAULT_CB_FAILURE_THRESHOLD),
+  failure_rate_threshold: z.number().gt(0).lt(1).default(DEFAULT_CB_FAILURE_RATE_THRESHOLD),
+  sliding_window_size: z.number().int().positive().default(DEFAULT_CB_SLIDING_WINDOW_SIZE),
+  half_open_after_ms: z.number().positive().default(DEFAULT_CB_HALF_OPEN_AFTER_MS),
+  half_open_max_probes: z.number().int().positive().default(DEFAULT_CB_HALF_OPEN_MAX_PROBES),
+  success_threshold: z.number().int().positive().default(DEFAULT_CB_SUCCESS_THRESHOLD)
+});
+var TargetConfigSchema = z.object({
+  target_id: z.string().min(1),
+  provider_id: z.string().min(1),
+  profile: z.string().optional(),
+  endpoint_id: z.string().optional(),
+  capabilities: z.array(z.string()).default([]),
+  enabled: z.boolean().default(true),
+  operator_priority: z.number().int().default(0),
+  policy_tags: z.array(z.string()).default([]),
+  retry_budget: z.number().int().positive().optional(),
+  failover_budget: z.number().int().positive().optional(),
+  backoff: BackoffConfigSchema.optional(),
+  concurrency_limit: z.number().int().positive().optional(),
+  circuit_breaker: CircuitBreakerConfigSchema.optional()
+});
+var SwitcherConfigSchema = z.object({
+  targets: z.array(TargetConfigSchema).min(1).optional(),
+  retry: z.number().int().positive().optional(),
+  timeout: z.number().positive().optional(),
+  retry_budget: z.number().int().positive().default(DEFAULT_RETRY_BUDGET),
+  failover_budget: z.number().int().positive().default(DEFAULT_FAILOVER_BUDGET),
+  backoff: BackoffConfigSchema.default({
+    base_ms: DEFAULT_BACKOFF_BASE_MS,
+    multiplier: DEFAULT_BACKOFF_MULTIPLIER,
+    max_ms: DEFAULT_BACKOFF_MAX_MS,
+    jitter: DEFAULT_BACKOFF_JITTER
+  }),
+  deployment_mode_hint: z.enum(["plugin-only", "server-companion", "sdk-control", "auto"]).default("auto"),
+  routing_weights: RoutingWeightsSchema.default({
+    health: DEFAULT_ROUTING_WEIGHT_HEALTH,
+    latency: DEFAULT_ROUTING_WEIGHT_LATENCY,
+    failure: DEFAULT_ROUTING_WEIGHT_FAILURE,
+    priority: DEFAULT_ROUTING_WEIGHT_PRIORITY
+  }),
+  queue_limit: z.number().int().positive().default(DEFAULT_QUEUE_LIMIT),
+  concurrency_limit: z.number().int().positive().default(DEFAULT_GLOBAL_CONCURRENCY_LIMIT),
+  backpressure_threshold: z.number().int().nonnegative().default(DEFAULT_BACKPRESSURE_THRESHOLD),
+  circuit_breaker: CircuitBreakerConfigSchema.default({
+    failure_threshold: DEFAULT_CB_FAILURE_THRESHOLD,
+    failure_rate_threshold: DEFAULT_CB_FAILURE_RATE_THRESHOLD,
+    sliding_window_size: DEFAULT_CB_SLIDING_WINDOW_SIZE,
+    half_open_after_ms: DEFAULT_CB_HALF_OPEN_AFTER_MS,
+    half_open_max_probes: DEFAULT_CB_HALF_OPEN_MAX_PROBES,
+    success_threshold: DEFAULT_CB_SUCCESS_THRESHOLD
+  }),
+  max_expected_latency_ms: z.number().positive().default(DEFAULT_MAX_EXPECTED_LATENCY_MS)
+});
+
+// src/config/loader.ts
+var ConfigValidationError = class extends Error {
+  diagnostics;
+  constructor(diagnostics) {
+    const summary = diagnostics.map((d) => `  ${d.path}: ${d.message}`).join("\n");
+    super(`Invalid O-Switcher configuration:
+${summary}`);
+    this.name = "ConfigValidationError";
+    this.diagnostics = diagnostics;
+  }
+};
+var validateConfig = (raw) => {
+  const result = SwitcherConfigSchema.safeParse(raw);
+  if (result.success) {
+    const data = { ...result.data };
+    if (data.retry !== void 0 && data.retry_budget === DEFAULT_RETRY_BUDGET) {
+      data.retry_budget = data.retry;
+    }
+    if (data.timeout !== void 0 && data.max_expected_latency_ms === DEFAULT_MAX_EXPECTED_LATENCY_MS) {
+      data.max_expected_latency_ms = data.timeout;
+    }
+    if (data.targets !== void 0) {
+      const seen = /* @__PURE__ */ new Set();
+      const duplicateDiagnostics = [];
+      for (const target of data.targets) {
+        const key = `${target.provider_id}::${target.profile ?? "__default__"}`;
+        if (seen.has(key)) {
+          duplicateDiagnostics.push({
+            path: "targets",
+            message: `Duplicate provider_id + profile combination: ${key}`,
+            received: key
+          });
+        }
+        seen.add(key);
+      }
+      if (duplicateDiagnostics.length > 0) {
+        throw new ConfigValidationError(duplicateDiagnostics);
+      }
+    }
+    return Object.freeze(data);
+  }
+  const diagnostics = result.error.issues.map(
+    (issue) => ({
+      path: issue.path.join("."),
+      message: issue.message,
+      received: "expected" in issue ? issue.expected : void 0
+    })
+  );
+  throw new ConfigValidationError(diagnostics);
+};
+
+// src/config/discovery.ts
+var discoverTargets = (providerConfig) => {
+  const targets = [];
+  for (const [key, value] of Object.entries(providerConfig)) {
+    if (!value) continue;
+    const raw = {
+      target_id: key,
+      provider_id: value.id ?? key,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+var discoverTargetsFromProfiles = (store) => {
+  const targets = [];
+  for (const entry of Object.values(store)) {
+    if (!entry) continue;
+    const raw = {
+      target_id: entry.id,
+      provider_id: entry.provider,
+      profile: entry.id,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+
+// src/registry/health.ts
+var INITIAL_HEALTH_SCORE = 1;
+var DEFAULT_ALPHA = 0.1;
+var updateHealthScore = (currentScore, observation, alpha = DEFAULT_ALPHA) => alpha * observation + (1 - alpha) * currentScore;
+var updateLatencyEma = (currentEma, observedMs, alpha = DEFAULT_ALPHA) => alpha * observedMs + (1 - alpha) * currentEma;
+
+// src/registry/registry.ts
+var TargetRegistry = class {
+  targets;
+  constructor(config) {
+    this.targets = new Map(
+      (config.targets ?? []).map((t) => [
+        t.target_id,
+        {
+          target_id: t.target_id,
+          provider_id: t.provider_id,
+          profile: t.profile,
+          endpoint_id: t.endpoint_id,
+          capabilities: [...t.capabilities],
+          enabled: t.enabled,
+          state: "Active",
+          health_score: INITIAL_HEALTH_SCORE,
+          cooldown_until: null,
+          latency_ema_ms: 0,
+          failure_score: 0,
+          operator_priority: t.operator_priority,
+          policy_tags: [...t.policy_tags]
+        }
+      ])
+    );
+  }
+  /** Returns the target entry for the given id, or undefined if not found. */
+  getTarget(id) {
+    return this.targets.get(id);
+  }
+  /** Returns a readonly array of all target entries. */
+  getAllTargets() {
+    return [...this.targets.values()];
+  }
+  /**
+   * Updates the state of a target.
+   * @returns true if the target was found and updated, false otherwise.
+   */
+  updateState(id, newState) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return false;
+    }
+    this.targets.set(id, { ...target, state: newState });
+    return true;
+  }
+  /**
+   * Records a success (1) or failure (0) observation for a target.
+   * Updates health_score via EMA.
+   */
+  recordObservation(id, observation) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newHealthScore = updateHealthScore(
+      target.health_score,
+      observation
+    );
+    this.targets.set(id, { ...target, health_score: newHealthScore });
+  }
+  /** Sets the cooldown_until timestamp for a target. */
+  setCooldown(id, untilMs) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    this.targets.set(id, { ...target, cooldown_until: untilMs });
+  }
+  /** Updates the latency EMA for a target. */
+  updateLatency(id, ms) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newLatency = updateLatencyEma(target.latency_ema_ms, ms);
+    this.targets.set(id, { ...target, latency_ema_ms: newLatency });
+  }
+  /**
+   * Adds a new target entry to the registry.
+   * @returns true if added, false if target_id already exists.
+   */
+  addTarget(entry) {
+    if (this.targets.has(entry.target_id)) {
+      return false;
+    }
+    this.targets.set(entry.target_id, entry);
+    return true;
+  }
+  /**
+   * Removes a target entry from the registry.
+   * @returns true if found and removed, false if not found.
+   */
+  removeTarget(id) {
+    return this.targets.delete(id);
+  }
+  /** Returns a deep-frozen snapshot of all targets. */
+  getSnapshot() {
+    const snapshot = {
+      targets: [...this.targets.values()].map((t) => ({ ...t }))
+    };
+    return Object.freeze(snapshot);
+  }
+};
+var createRegistry = (config) => new TargetRegistry(config);
+
+// src/registry/types.ts
+var TARGET_STATES = [
+  "Active",
+  "CoolingDown",
+  "ReauthRequired",
+  "PolicyBlocked",
+  "CircuitOpen",
+  "CircuitHalfOpen",
+  "Draining",
+  "Disabled"
+];
+
+// src/audit/logger.ts
+import pino from "pino";
+import crypto from "crypto";
+var REDACT_PATHS = [
+  "api_key",
+  "token",
+  "secret",
+  "password",
+  "authorization",
+  "credential",
+  "credentials",
+  "*.api_key",
+  "*.token",
+  "*.secret",
+  "*.password",
+  "*.authorization",
+  "*.credential",
+  "*.credentials"
+];
+var createAuditLogger = (options) => {
+  const opts = {
+    level: options?.level ?? "info",
+    redact: {
+      paths: [...REDACT_PATHS],
+      censor: "[Redacted]"
+    }
+  };
+  if (options?.destination) {
+    return pino(opts, options.destination);
+  }
+  return pino(opts);
+};
+var createRequestLogger = (baseLogger, requestId) => baseLogger.child({ request_id: requestId });
+var generateCorrelationId = () => crypto.randomUUID();
+
+// src/errors/taxonomy.ts
+import { z as z2 } from "zod";
+var RateLimitedSchema = z2.object({
+  class: z2.literal("RateLimited"),
+  retryable: z2.literal(true),
+  retry_after_ms: z2.number().optional(),
+  provider_reason: z2.string().optional()
+});
+var QuotaExhaustedSchema = z2.object({
+  class: z2.literal("QuotaExhausted"),
+  retryable: z2.literal(false),
+  provider_reason: z2.string().optional()
+});
+var AuthFailureSchema = z2.object({
+  class: z2.literal("AuthFailure"),
+  retryable: z2.literal(false),
+  recovery_attempted: z2.boolean().default(false)
+});
+var PermissionFailureSchema = z2.object({
+  class: z2.literal("PermissionFailure"),
+  retryable: z2.literal(false)
+});
+var PolicyFailureSchema = z2.object({
+  class: z2.literal("PolicyFailure"),
+  retryable: z2.literal(false)
+});
+var RegionRestrictionSchema = z2.object({
+  class: z2.literal("RegionRestriction"),
+  retryable: z2.literal(false)
+});
+var ModelUnavailableSchema = z2.object({
+  class: z2.literal("ModelUnavailable"),
+  retryable: z2.literal(false),
+  failover_eligible: z2.literal(true)
+});
+var TransientServerFailureSchema = z2.object({
+  class: z2.literal("TransientServerFailure"),
+  retryable: z2.literal(true),
+  http_status: z2.number().optional()
+});
+var TransportFailureSchema = z2.object({
+  class: z2.literal("TransportFailure"),
+  retryable: z2.literal(true)
+});
+var InterruptedExecutionSchema = z2.object({
+  class: z2.literal("InterruptedExecution"),
+  retryable: z2.literal(true),
+  partial_output_bytes: z2.number().optional()
+});
+var ErrorClassSchema = z2.discriminatedUnion("class", [
+  RateLimitedSchema,
+  QuotaExhaustedSchema,
+  AuthFailureSchema,
+  PermissionFailureSchema,
+  PolicyFailureSchema,
+  RegionRestrictionSchema,
+  ModelUnavailableSchema,
+  TransientServerFailureSchema,
+  TransportFailureSchema,
+  InterruptedExecutionSchema
+]);
+var isRetryable = (errorClass) => errorClass.retryable;
+var getTargetStateTransition = (errorClass) => {
+  switch (errorClass.class) {
+    case "RateLimited":
+      return "CoolingDown";
+    case "QuotaExhausted":
+      return "Disabled";
+    case "AuthFailure":
+      return "ReauthRequired";
+    case "PermissionFailure":
+      return "PolicyBlocked";
+    case "PolicyFailure":
+      return "PolicyBlocked";
+    case "RegionRestriction":
+      return "Disabled";
+    case "ModelUnavailable":
+      return null;
+    case "TransientServerFailure":
+      return null;
+    case "TransportFailure":
+      return null;
+    case "InterruptedExecution":
+      return null;
+  }
+};
+
+// src/retry/backoff.ts
+var DEFAULT_BACKOFF_PARAMS = {
+  base_ms: 1e3,
+  multiplier: 2,
+  max_ms: 3e4,
+  jitter: "full"
+};
+var computeBackoffMs = (attempt, params, retryAfterMs) => {
+  const rawDelay = Math.min(
+    params.base_ms * Math.pow(params.multiplier, attempt),
+    params.max_ms
+  );
+  const jitteredDelay = params.jitter === "full" ? Math.random() * rawDelay : params.jitter === "equal" ? rawDelay / 2 + Math.random() * (rawDelay / 2) : rawDelay;
+  return Math.max(jitteredDelay, retryAfterMs ?? 0);
+};
+
+// src/retry/retry-policy.ts
+var createRetryPolicy = (budget, backoffParams = DEFAULT_BACKOFF_PARAMS) => ({
+  budget,
+  backoffParams,
+  decide: (classification, attemptsSoFar) => {
+    const errorClass = classification.error_class;
+    if (!isRetryable(errorClass)) {
+      return {
+        action: "abort",
+        reason: `Non-retryable: ${errorClass.class}`,
+        target_state: getTargetStateTransition(errorClass)
+      };
+    }
+    if (attemptsSoFar >= budget) {
+      return {
+        action: "exhausted",
+        attempts_used: attemptsSoFar
+      };
+    }
+    const retryAfterMs = errorClass.class === "RateLimited" ? errorClass.retry_after_ms : void 0;
+    const delayMs = computeBackoffMs(attemptsSoFar, backoffParams, retryAfterMs);
+    return {
+      action: "retry",
+      delay_ms: delayMs,
+      attempt: attemptsSoFar + 1
+    };
+  }
+});
+
+// src/routing/types.ts
+var EXCLUSION_REASONS = [
+  "disabled",
+  "policy_blocked",
+  "reauth_required",
+  "cooldown_active",
+  "circuit_open",
+  "capability_mismatch",
+  "draining"
+];
+var ADMISSION_RESULTS = [
+  "admitted",
+  "queued",
+  "degraded",
+  "rejected"
+];
+
+// src/routing/events.ts
+import { EventEmitter } from "eventemitter3";
+var createRoutingEventBus = () => new EventEmitter();
+
+// src/routing/dual-breaker.ts
+import {
+  ConsecutiveBreaker,
+  CountBreaker
+} from "cockatiel";
+var DualBreaker = class {
+  consecutive;
+  count;
+  constructor(consecutiveThreshold, countOpts) {
+    this.consecutive = new ConsecutiveBreaker(consecutiveThreshold);
+    this.count = new CountBreaker(countOpts);
+  }
+  /** Serializable state for both internal breakers. */
+  get state() {
+    return {
+      consecutive: this.consecutive.state,
+      count: this.count.state
+    };
+  }
+  /** Restore state for both internal breakers. */
+  set state(value) {
+    const v = value;
+    this.consecutive.state = v.consecutive;
+    this.count.state = v.count;
+  }
+  /**
+   * Record success on both breakers.
+   * ConsecutiveBreaker.success() takes no args (resets counter).
+   * CountBreaker.success() takes CircuitState.
+   */
+  success(state) {
+    this.consecutive.success();
+    this.count.success(state);
+  }
+  /**
+   * Record failure on both breakers.
+   * Returns true if EITHER breaker trips (OR logic).
+   * ConsecutiveBreaker.failure() takes no args.
+   * CountBreaker.failure() takes CircuitState.
+   */
+  failure(state) {
+    const consecutiveTripped = this.consecutive.failure();
+    const countTripped = this.count.failure(state);
+    return consecutiveTripped || countTripped;
+  }
+};
+
+// src/routing/circuit-breaker.ts
+import {
+  CircuitState as CircuitState2,
+  handleAll,
+  circuitBreaker,
+  BrokenCircuitError,
+  IsolatedCircuitError
+} from "cockatiel";
+import "eventemitter3";
+var COCKATIEL_TO_TARGET = /* @__PURE__ */ new Map([
+  [CircuitState2.Closed, "Active"],
+  [CircuitState2.Open, "CircuitOpen"],
+  [CircuitState2.HalfOpen, "CircuitHalfOpen"],
+  [CircuitState2.Isolated, "Disabled"]
+]);
+var toTargetState = (state) => COCKATIEL_TO_TARGET.get(state) ?? "Disabled";
+var createCircuitBreaker = (targetId, config, eventBus) => {
+  const createPolicy = () => {
+    const breaker = new DualBreaker(config.failure_threshold, {
+      threshold: config.failure_rate_threshold,
+      size: config.sliding_window_size
+    });
+    const policy = circuitBreaker(handleAll, {
+      halfOpenAfter: config.half_open_after_ms,
+      breaker
+    });
+    return { policy, breaker };
+  };
+  let current = createPolicy();
+  let previousState = CircuitState2.Closed;
+  let openedAtMs = 0;
+  const subscribeEvents = (policy) => {
+    policy.onStateChange((newState) => {
+      if (newState === CircuitState2.Open) {
+        openedAtMs = Date.now();
+      }
+      const from = toTargetState(previousState);
+      const to = toTargetState(newState);
+      previousState = newState;
+      if (from !== to && eventBus) {
+        eventBus.emit("circuit_state_change", {
+          target_id: targetId,
+          from,
+          to,
+          reason: `state_transition`
+        });
+      }
+    });
+  };
+  subscribeEvents(current.policy);
+  const effectiveState = () => {
+    const raw = current.policy.state;
+    if (raw === CircuitState2.Open && openedAtMs > 0 && Date.now() - openedAtMs >= config.half_open_after_ms) {
+      return CircuitState2.HalfOpen;
+    }
+    return raw;
+  };
+  return {
+    state() {
+      return toTargetState(effectiveState());
+    },
+    async recordSuccess() {
+      try {
+        await current.policy.execute(async () => void 0);
+      } catch (err) {
+        if (err instanceof BrokenCircuitError || err instanceof IsolatedCircuitError) {
+          return;
+        }
+        throw err;
+      }
+    },
+    async recordFailure() {
+      try {
+        await current.policy.execute(async () => {
+          throw new Error("recorded-failure");
+        });
+      } catch {
+      }
+    },
+    allowRequest() {
+      return effectiveState() !== CircuitState2.Open;
+    },
+    reset() {
+      current = createPolicy();
+      previousState = CircuitState2.Closed;
+      openedAtMs = 0;
+      subscribeEvents(current.policy);
+    }
+  };
+};
+
+// src/routing/concurrency-tracker.ts
+var createConcurrencyTracker = (defaultLimit) => {
+  const state = /* @__PURE__ */ new Map();
+  const getOrCreate = (target_id) => {
+    const existing = state.get(target_id);
+    if (existing) return existing;
+    const entry = { active: 0, limit: defaultLimit };
+    state.set(target_id, entry);
+    return entry;
+  };
+  return {
+    acquire(target_id) {
+      const entry = getOrCreate(target_id);
+      if (entry.active >= entry.limit) return false;
+      entry.active += 1;
+      return true;
+    },
+    release(target_id) {
+      const entry = state.get(target_id);
+      if (!entry || entry.active <= 0) return;
+      entry.active -= 1;
+    },
+    headroom(target_id) {
+      const entry = getOrCreate(target_id);
+      return Math.max(0, entry.limit - entry.active);
+    },
+    active(target_id) {
+      const entry = state.get(target_id);
+      return entry ? entry.active : 0;
+    },
+    setLimit(target_id, limit) {
+      const entry = getOrCreate(target_id);
+      entry.limit = limit;
+    }
+  };
+};
+
+// src/routing/policy-engine.ts
+var normalizeLatency = (latencyEmaMs, maxExpectedMs) => Math.min(latencyEmaMs / maxExpectedMs, 1);
+var computeScore = (target, weights, maxLatencyMs) => weights.health * target.health_score - weights.latency * normalizeLatency(target.latency_ema_ms, maxLatencyMs) - weights.failure * target.failure_score + weights.priority * target.operator_priority;
+var getExclusionReason = (target, circuitBreakers, requiredCapabilities, excludeTargets, nowMs) => {
+  if (!target.enabled) {
+    return "disabled";
+  }
+  if (target.state === "PolicyBlocked") {
+    return "policy_blocked";
+  }
+  if (target.state === "ReauthRequired") {
+    return "reauth_required";
+  }
+  if (target.state === "Draining") {
+    return "draining";
+  }
+  if (target.state === "Disabled") {
+    return "disabled";
+  }
+  const breaker = circuitBreakers.get(target.target_id);
+  if (breaker !== void 0 && !breaker.allowRequest()) {
+    return "circuit_open";
+  }
+  if (target.cooldown_until !== null && target.cooldown_until > nowMs) {
+    return "cooldown_active";
+  }
+  if (requiredCapabilities.length > 0 && !requiredCapabilities.every((cap) => target.capabilities.includes(cap))) {
+    return "capability_mismatch";
+  }
+  return null;
+};
+var selectTarget = (snapshot, circuitBreakers, requiredCapabilities, weights, maxLatencyMs, nowMs, request_id, excludeTargets, logger) => {
+  const excluded = [];
+  const eligible = [];
+  for (const target of snapshot.targets) {
+    if (excludeTargets !== void 0 && excludeTargets.has(target.target_id)) {
+      continue;
+    }
+    const reason = getExclusionReason(
+      target,
+      circuitBreakers,
+      requiredCapabilities,
+      excludeTargets ?? /* @__PURE__ */ new Set(),
+      nowMs
+    );
+    if (reason !== null) {
+      excluded.push({ target_id: target.target_id, reason });
+    } else {
+      eligible.push(target);
+    }
+  }
+  const scored = eligible.map((target) => ({
+    target,
+    score: computeScore(target, weights, maxLatencyMs)
+  }));
+  scored.sort((a, b) => {
+    const scoreDiff = b.score - a.score;
+    if (scoreDiff !== 0) {
+      return scoreDiff;
+    }
+    return a.target.target_id.localeCompare(b.target.target_id);
+  });
+  const candidates = scored.map((s) => ({
+    target_id: s.target.target_id,
+    score: s.score,
+    health_score: s.target.health_score,
+    latency_ema_ms: s.target.latency_ema_ms
+  }));
+  const firstCandidate = candidates.length > 0 ? candidates[0] : void 0;
+  const selected = firstCandidate !== void 0 ? {
+    target_id: firstCandidate.target_id,
+    score: firstCandidate.score,
+    rank: 0
+  } : null;
+  const record = {
+    request_id,
+    timestamp_ms: nowMs,
+    candidates,
+    excluded,
+    selected
+  };
+  if (logger !== void 0) {
+    const excludedSummary = {};
+    for (const e of excluded) {
+      excludedSummary[e.reason] = (excludedSummary[e.reason] ?? 0) + 1;
+    }
+    const logFields = {
+      event: "target_selected",
+      component: "policy-engine",
+      request_id,
+      selected: selected?.target_id ?? null,
+      score: selected?.score ?? null,
+      candidates_count: candidates.length,
+      excluded_count: excluded.length,
+      excluded_summary: excludedSummary
+    };
+    if (selected !== null) {
+      logger.info(logFields, "Target selected");
+    } else {
+      logger.warn(logFields, "No eligible target");
+    }
+  }
+  return record;
+};
+
+// src/routing/cooldown.ts
+var DEFAULT_COOLDOWN_BASE_MS = 5e3;
+var computeCooldownMs = (errorClass, consecutiveFailures, backoffParams, maxMs) => {
+  const noJitterParams = {
+    ...backoffParams,
+    jitter: "none"
+  };
+  let base;
+  if (errorClass.class === "RateLimited" && "retry_after_ms" in errorClass && errorClass.retry_after_ms !== void 0) {
+    base = Math.min(errorClass.retry_after_ms, maxMs);
+  } else if (errorClass.class === "RateLimited") {
+    base = computeBackoffMs(consecutiveFailures, noJitterParams);
+  } else if (errorClass.class === "TransientServerFailure") {
+    base = computeBackoffMs(consecutiveFailures, noJitterParams) / 2;
+  } else {
+    base = DEFAULT_COOLDOWN_BASE_MS;
+  }
+  base = Math.min(base, maxMs);
+  const jitterFraction = 0.1 + Math.random() * 0.15;
+  const jitter = jitterFraction * base;
+  return Math.min(base + jitter, maxMs);
+};
+var createCooldownManager = (registry, eventBus) => ({
+  setCooldown(target_id, durationMs, errorClass) {
+    const untilMs = Date.now() + durationMs;
+    registry.setCooldown(target_id, untilMs);
+    registry.updateState(target_id, "CoolingDown");
+    eventBus?.emit("cooldown_set", {
+      target_id,
+      until_ms: untilMs,
+      error_class: errorClass
+    });
+  },
+  checkExpired(nowMs) {
+    const expired = [];
+    for (const target of registry.getAllTargets()) {
+      if (target.state === "CoolingDown" && target.cooldown_until !== null && target.cooldown_until <= nowMs) {
+        registry.setCooldown(target.target_id, 0);
+        registry.updateState(target.target_id, "Active");
+        eventBus?.emit("cooldown_expired", { target_id: target.target_id });
+        expired.push(target.target_id);
+      }
+    }
+    return expired;
+  },
+  isInCooldown(target_id, nowMs) {
+    const target = registry.getTarget(target_id);
+    if (!target) {
+      return false;
+    }
+    return target.cooldown_until !== null && target.cooldown_until > nowMs;
+  }
+});
+
+// src/routing/admission.ts
+import PQueue from "p-queue";
+var checkHardRejects = (ctx) => {
+  if (!ctx.hasEligibleTargets) {
+    return { result: "rejected", reason: "no eligible targets available" };
+  }
+  if (ctx.operatorPaused) {
+    return { result: "rejected", reason: "operator pause active" };
+  }
+  if (ctx.retryBudgetRemaining <= 0) {
+    return { result: "rejected", reason: "retry budget exhausted" };
+  }
+  if (ctx.failoverBudgetRemaining <= 0) {
+    return { result: "rejected", reason: "failover budget exhausted" };
+  }
+  return null;
+};
+var createAdmissionController = (config, eventBus) => {
+  const queue = new PQueue({
+    concurrency: config.concurrencyLimit
+  });
+  const emitDecision = (request_id, decision) => {
+    eventBus?.emit("admission_decision", {
+      request_id,
+      result: decision.result,
+      reason: decision.reason
+    });
+  };
+  const controller = {
+    async admit(request_id, ctx) {
+      const hardReject = checkHardRejects(ctx);
+      if (hardReject) {
+        emitDecision(request_id, hardReject);
+        return hardReject;
+      }
+      if (queue.size > config.backpressureThreshold) {
+        const decision2 = {
+          result: "degraded",
+          reason: `backpressure: ${queue.size} queued > ${config.backpressureThreshold} threshold`
+        };
+        emitDecision(request_id, decision2);
+        return decision2;
+      }
+      const total = queue.size + queue.pending;
+      if (total >= config.queueLimit + config.concurrencyLimit) {
+        const decision2 = {
+          result: "rejected",
+          reason: `queue full: ${total} >= ${config.queueLimit + config.concurrencyLimit}`
+        };
+        emitDecision(request_id, decision2);
+        return decision2;
+      }
+      const decision = {
+        result: "admitted",
+        reason: "capacity available"
+      };
+      emitDecision(request_id, decision);
+      return decision;
+    },
+    async execute(fn, request_id, ctx) {
+      const decision = await controller.admit(request_id, ctx);
+      if (decision.result === "rejected") {
+        return { decision };
+      }
+      const result = await queue.add(fn);
+      return { decision, result };
+    },
+    get pending() {
+      return queue.pending;
+    },
+    get size() {
+      return queue.size;
+    }
+  };
+  return controller;
+};
+
+// src/routing/log-subscriber.ts
+var createLogSubscriber = (eventBus, logger) => {
+  const log = logger.child({ component: "routing" });
+  const onCircuitStateChange = (payload) => {
+    log.info(
+      {
+        event: "circuit_state_change",
+        target_id: payload.target_id,
+        from: payload.from,
+        to: payload.to,
+        reason: payload.reason
+      },
+      "Circuit breaker transition"
+    );
+  };
+  const onCooldownSet = (payload) => {
+    log.info(
+      {
+        event: "cooldown_set",
+        target_id: payload.target_id,
+        duration_ms: payload.until_ms - Date.now(),
+        error_class: payload.error_class
+      },
+      "Cooldown set"
+    );
+  };
+  const onCooldownExpired = (payload) => {
+    log.info(
+      {
+        event: "cooldown_expired",
+        target_id: payload.target_id
+      },
+      "Cooldown expired"
+    );
+  };
+  const onAdmissionDecision = (payload) => {
+    const fields = {
+      event: "admission_decision",
+      request_id: payload.request_id,
+      result: payload.result,
+      reason: payload.reason
+    };
+    if (payload.result === "admitted" || payload.result === "queued") {
+      log.info(fields, "Admission decision");
+    } else {
+      log.warn(fields, "Admission decision");
+    }
+  };
+  const onHealthUpdated = (payload) => {
+    log.debug(
+      {
+        event: "health_updated",
+        target_id: payload.target_id,
+        old_score: payload.old_score,
+        new_score: payload.new_score
+      },
+      "Health score updated"
+    );
+  };
+  const onTargetExcluded = (payload) => {
+    log.debug(
+      {
+        event: "target_excluded",
+        target_id: payload.target_id,
+        reason: payload.reason
+      },
+      "Target excluded"
+    );
+  };
+  eventBus.on("circuit_state_change", onCircuitStateChange);
+  eventBus.on("cooldown_set", onCooldownSet);
+  eventBus.on("cooldown_expired", onCooldownExpired);
+  eventBus.on("admission_decision", onAdmissionDecision);
+  eventBus.on("health_updated", onHealthUpdated);
+  eventBus.on("target_excluded", onTargetExcluded);
+  return () => {
+    eventBus.off("circuit_state_change", onCircuitStateChange);
+    eventBus.off("cooldown_set", onCooldownSet);
+    eventBus.off("cooldown_expired", onCooldownExpired);
+    eventBus.off("admission_decision", onAdmissionDecision);
+    eventBus.off("health_updated", onHealthUpdated);
+    eventBus.off("target_excluded", onTargetExcluded);
+  };
+};
+
+// src/routing/failover.ts
+var createFailoverOrchestrator = (deps) => ({
+  async execute(request_id, attemptFn, requiredCapabilities) {
+    const log = deps.logger?.child({ component: "failover", request_id });
+    const attempts = [];
+    const failedTargets = /* @__PURE__ */ new Set();
+    let totalRetries = 0;
+    let totalFailovers = 0;
+    let lastErrorClass;
+    log?.info(
+      { event: "failover_start", retry_budget: deps.retryBudget, failover_budget: deps.failoverBudget },
+      "Failover loop started"
+    );
+    for (let failoverNo = 0; failoverNo <= deps.failoverBudget; failoverNo++) {
+      deps.cooldownManager.checkExpired(Date.now());
+      const snapshot = deps.registry.getSnapshot();
+      const selection = selectTarget(
+        snapshot,
+        deps.circuitBreakers,
+        requiredCapabilities,
+        deps.weights,
+        deps.maxLatencyMs,
+        Date.now(),
+        request_id,
+        failedTargets
+      );
+      if (!selection.selected) {
+        log?.warn(
+          { event: "no_eligible_target", failover_no: failoverNo },
+          "No eligible target available"
+        );
+        return {
+          outcome: "failure",
+          reason: "no eligible target available",
+          attempts,
+          total_retries: totalRetries,
+          total_failovers: totalFailovers,
+          last_error_class: lastErrorClass
+        };
+      }
+      const targetId = selection.selected.target_id;
+      const retryPolicy = createRetryPolicy(
+        deps.retryBudget,
+        deps.backoffParams
+      );
+      for (let retry = 0; retry <= deps.retryBudget; retry++) {
+        const attemptNo = retry + 1;
+        const acquired = deps.concurrency.acquire(targetId);
+        if (!acquired) {
+          log?.warn(
+            { event: "concurrency_full", target_id: targetId, failover_no: failoverNo },
+            "No concurrency headroom \u2014 failing over"
+          );
+          failedTargets.add(targetId);
+          break;
+        }
+        let attemptResult;
+        try {
+          attemptResult = await attemptFn(targetId);
+        } finally {
+          deps.concurrency.release(targetId);
+        }
+        if (attemptResult.success) {
+          const cb2 = deps.circuitBreakers.get(targetId);
+          if (cb2) {
+            await cb2.recordSuccess();
+          }
+          deps.registry.recordObservation(targetId, 1);
+          deps.registry.updateLatency(targetId, attemptResult.latency_ms);
+          log?.info(
+            { event: "attempt_success", target_id: targetId, attempt_no: attemptNo, failover_no: failoverNo, latency_ms: attemptResult.latency_ms },
+            "Attempt succeeded"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "success",
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          return {
+            outcome: "success",
+            target_id: targetId,
+            attempts,
+            total_retries: totalRetries,
+            total_failovers: totalFailovers,
+            value: attemptResult.value
+          };
+        }
+        const errorClass = attemptResult.error_class;
+        lastErrorClass = errorClass.class;
+        const cb = deps.circuitBreakers.get(targetId);
+        if (cb) {
+          await cb.recordFailure();
+        }
+        deps.registry.recordObservation(targetId, 0);
+        const stateTransition = getTargetStateTransition(errorClass);
+        if (stateTransition) {
+          deps.registry.updateState(targetId, stateTransition);
+        }
+        if (errorClass.class === "RateLimited") {
+          const cooldownMs = computeCooldownMs(
+            errorClass,
+            retry,
+            deps.backoffParams,
+            deps.backoffParams.max_ms
+          );
+          deps.cooldownManager.setCooldown(
+            targetId,
+            cooldownMs,
+            errorClass.class
+          );
+        }
+        if (errorClass.class === "ModelUnavailable") {
+          log?.info(
+            { event: "early_failover", target_id: targetId, error_class: errorClass.class, failover_no: failoverNo },
+            "Early failover \u2014 ModelUnavailable"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "failover",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          failedTargets.add(targetId);
+          totalFailovers++;
+          break;
+        }
+        if (!isRetryable(errorClass)) {
+          log?.warn(
+            { event: "abort", target_id: targetId, error_class: errorClass.class },
+            "Non-retryable error \u2014 aborting"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "abort",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          return {
+            outcome: "failure",
+            reason: `non-retryable: ${errorClass.class}`,
+            attempts,
+            total_retries: totalRetries,
+            total_failovers: totalFailovers,
+            last_error_class: errorClass.class
+          };
+        }
+        const decision = retryPolicy.decide(
+          {
+            error_class: errorClass,
+            detection_mode: "direct",
+            confidence: "high",
+            raw_signal: { detection_mode: "direct" }
+          },
+          retry
+        );
+        if (decision.action === "exhausted") {
+          log?.info(
+            { event: "retry_budget_exhausted", target_id: targetId, failover_no: failoverNo },
+            "Retry budget exhausted \u2014 failing over"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "failover",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          failedTargets.add(targetId);
+          totalFailovers++;
+          break;
+        }
+        attempts.push({
+          target_id: targetId,
+          attempt_no: attemptNo,
+          failover_no: failoverNo,
+          outcome: "retry",
+          error_class: errorClass.class,
+          latency_ms: attemptResult.latency_ms,
+          selection
+        });
+        totalRetries++;
+        if (decision.action === "retry") {
+          log?.info(
+            { event: "retry", target_id: targetId, attempt_no: attemptNo, error_class: errorClass.class, delay_ms: decision.delay_ms },
+            "Retrying after delay"
+          );
+          await new Promise(
+            (resolve) => setTimeout(resolve, decision.delay_ms)
+          );
+        }
+      }
+    }
+    log?.warn(
+      { event: "failover_budget_exhausted", total_retries: totalRetries, total_failovers: totalFailovers },
+      "Failover budget exhausted"
+    );
+    return {
+      outcome: "failure",
+      reason: "failover budget exhausted",
+      attempts,
+      total_retries: totalRetries,
+      total_failovers: totalFailovers,
+      last_error_class: lastErrorClass
+    };
+  }
+});
+
+// src/operator/reload.ts
+var computeConfigDiff = (oldConfig, newConfig) => {
+  const oldTargets = oldConfig.targets ?? [];
+  const newTargets = newConfig.targets ?? [];
+  const oldIds = new Set(oldTargets.map((t) => t.target_id));
+  const newIds = new Set(newTargets.map((t) => t.target_id));
+  const oldMap = new Map(oldTargets.map((t) => [t.target_id, t]));
+  const added = newTargets.filter((t) => !oldIds.has(t.target_id));
+  const removed = oldTargets.filter((t) => !newIds.has(t.target_id)).map((t) => t.target_id);
+  const modified = newTargets.filter((t) => {
+    if (!oldIds.has(t.target_id)) {
+      return false;
+    }
+    const old = oldMap.get(t.target_id);
+    if (!old) {
+      return false;
+    }
+    return hasConfigChanged(old, t);
+  });
+  return { added, removed, modified };
+};
+var hasConfigChanged = (oldTarget, newTarget) => {
+  if (oldTarget.profile !== newTarget.profile) return true;
+  if (oldTarget.enabled !== newTarget.enabled) return true;
+  if (oldTarget.operator_priority !== newTarget.operator_priority) return true;
+  if (JSON.stringify(oldTarget.policy_tags) !== JSON.stringify(newTarget.policy_tags)) return true;
+  if (JSON.stringify(oldTarget.capabilities) !== JSON.stringify(newTarget.capabilities)) return true;
+  if (oldTarget.retry_budget !== newTarget.retry_budget) return true;
+  if (oldTarget.failover_budget !== newTarget.failover_budget) return true;
+  if (oldTarget.concurrency_limit !== newTarget.concurrency_limit) return true;
+  return false;
+};
+var applyConfigDiff = (registry, diff) => {
+  for (const tc of diff.added) {
+    const entry = {
+      target_id: tc.target_id,
+      provider_id: tc.provider_id,
+      profile: tc.profile,
+      endpoint_id: tc.endpoint_id,
+      capabilities: [...tc.capabilities],
+      enabled: tc.enabled,
+      state: "Active",
+      health_score: INITIAL_HEALTH_SCORE,
+      cooldown_until: null,
+      latency_ema_ms: 0,
+      failure_score: 0,
+      operator_priority: tc.operator_priority,
+      policy_tags: [...tc.policy_tags]
+    };
+    registry.addTarget(entry);
+  }
+  for (const id of diff.removed) {
+    registry.updateState(id, "Disabled");
+  }
+  for (const tc of diff.modified) {
+    const existing = registry.getTarget(tc.target_id);
+    if (existing) {
+      const updated = {
+        ...existing,
+        provider_id: tc.provider_id,
+        profile: tc.profile,
+        endpoint_id: tc.endpoint_id,
+        capabilities: [...tc.capabilities],
+        enabled: tc.enabled,
+        operator_priority: tc.operator_priority,
+        policy_tags: [...tc.policy_tags]
+      };
+      registry.removeTarget(tc.target_id);
+      registry.addTarget(updated);
+    }
+  }
+};
+
+// src/operator/commands.ts
+var createRequestTraceBuffer = (capacity) => {
+  const entries = /* @__PURE__ */ new Map();
+  const order = [];
+  return {
+    record(entry) {
+      if (entries.has(entry.request_id)) {
+        const idx = order.indexOf(entry.request_id);
+        if (idx !== -1) {
+          order.splice(idx, 1);
+        }
+      }
+      while (order.length >= capacity) {
+        const oldest = order.shift();
+        if (oldest !== void 0) {
+          entries.delete(oldest);
+        }
+      }
+      entries.set(entry.request_id, entry);
+      order.push(entry.request_id);
+    },
+    lookup(requestId) {
+      return entries.get(requestId);
+    },
+    size() {
+      return entries.size;
+    }
+  };
+};
+var listTargets = (deps) => {
+  const allTargets = deps.registry.getAllTargets();
+  const targets = allTargets.map((t) => {
+    const cb = deps.circuitBreakers.get(t.target_id);
+    const cbState = cb ? cb.state() : "Active";
+    return {
+      target_id: t.target_id,
+      provider_id: t.provider_id,
+      profile: t.profile,
+      state: t.state,
+      health_score: t.health_score,
+      circuit_breaker_state: cbState,
+      cooldown_until: t.cooldown_until,
+      enabled: t.enabled,
+      latency_ema_ms: t.latency_ema_ms,
+      failure_score: t.failure_score,
+      operator_priority: t.operator_priority
+    };
+  });
+  return { targets, count: targets.length };
+};
+var targetAction = (deps, targetId, action, newState) => {
+  const updated = deps.registry.updateState(targetId, newState);
+  if (!updated) {
+    return { success: false, target_id: targetId, action, error: "target not found" };
+  }
+  return { success: true, target_id: targetId, action };
+};
+var pauseTarget = (deps, targetId) => targetAction(deps, targetId, "pause", "Disabled");
+var resumeTarget = (deps, targetId) => targetAction(deps, targetId, "resume", "Active");
+var drainTarget = (deps, targetId) => targetAction(deps, targetId, "drain", "Draining");
+var disableTarget = (deps, targetId) => targetAction(deps, targetId, "disable", "Disabled");
+var inspectRequest = (deps, requestId) => {
+  const trace = deps.traceBuffer.lookup(requestId);
+  if (!trace) {
+    return { found: false, request_id: requestId };
+  }
+  return { found: true, request_id: requestId, trace };
+};
+var reloadConfig = (deps, rawConfig) => {
+  try {
+    const newConfig = validateConfig(rawConfig);
+    const currentConfig = deps.configRef.current();
+    const diff = computeConfigDiff(currentConfig, newConfig);
+    applyConfigDiff(deps.registry, diff);
+    deps.configRef.swap(newConfig);
+    return {
+      success: true,
+      added: diff.added.map((t) => t.target_id),
+      removed: [...diff.removed],
+      modified: diff.modified.map((t) => t.target_id)
+    };
+  } catch (err) {
+    if (err instanceof ConfigValidationError) {
+      return {
+        success: false,
+        added: [],
+        removed: [],
+        modified: [],
+        diagnostics: err.diagnostics
+      };
+    }
+    throw err;
+  }
+};
+
+// src/operator/plugin-tools.ts
+import { tool } from "@opencode-ai/plugin/tool";
+var { schema: z3 } = tool;
+var createOperatorTools = (deps) => ({
+  listTargets: tool({
+    description: "List all routing targets with health scores, states, and circuit breaker status.",
+    args: {},
+    async execute() {
+      deps.logger.info({ op: "listTargets" }, "operator: listTargets");
+      const result = listTargets(deps);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  pauseTarget: tool({
+    description: "Pause a target, preventing new requests from being routed to it.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "pauseTarget", target_id: args.target_id },
+        "operator: pauseTarget"
+      );
+      const result = pauseTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  resumeTarget: tool({
+    description: "Resume a previously paused or disabled target, allowing new requests.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "resumeTarget", target_id: args.target_id },
+        "operator: resumeTarget"
+      );
+      const result = resumeTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  drainTarget: tool({
+    description: "Drain a target, allowing in-flight requests to complete but preventing new ones.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "drainTarget", target_id: args.target_id },
+        "operator: drainTarget"
+      );
+      const result = drainTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  disableTarget: tool({
+    description: "Disable a target entirely, removing it from routing.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "disableTarget", target_id: args.target_id },
+        "operator: disableTarget"
+      );
+      const result = disableTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  inspectRequest: tool({
+    description: "Inspect a request trace by ID, showing attempts, segments, and outcome.",
+    args: { request_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "inspectRequest", request_id: args.request_id },
+        "operator: inspectRequest"
+      );
+      const result = inspectRequest(deps, args.request_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  reloadConfig: tool({
+    description: "Reload routing configuration with diff-apply. Validates new config before applying.",
+    args: { config: z3.record(z3.string(), z3.unknown()) },
+    async execute(args) {
+      deps.logger.info({ op: "reloadConfig" }, "operator: reloadConfig");
+      const result = reloadConfig(deps, args.config);
+      return JSON.stringify(result, null, 2);
+    }
+  })
+});
+
+// src/profiles/store.ts
+import { readFile, writeFile, rename, mkdir } from "fs/promises";
+import { homedir } from "os";
+import { join, dirname } from "path";
+var PROFILES_DIR = join(homedir(), ".local", "share", "o-switcher");
+var PROFILES_PATH = join(PROFILES_DIR, "profiles.json");
+var loadProfiles = async (path = PROFILES_PATH) => {
+  try {
+    const content = await readFile(path, "utf-8");
+    return JSON.parse(content);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      return {};
+    }
+    throw err;
+  }
+};
+var saveProfiles = async (store, path = PROFILES_PATH, logger) => {
+  const dir = dirname(path);
+  await mkdir(dir, { recursive: true });
+  const tmpPath = `${path}.tmp`;
+  await writeFile(tmpPath, JSON.stringify(store, null, 2), "utf-8");
+  await rename(tmpPath, path);
+  logger?.info({ path }, "Profiles saved to disk");
+};
+var credentialsMatch = (a, b) => {
+  if (a.type !== b.type) return false;
+  if (a.type === "api-key" && b.type === "api-key") {
+    return a.key === b.key;
+  }
+  if (a.type === "oauth" && b.type === "oauth") {
+    return a.refresh === b.refresh && a.access === b.access && a.expires === b.expires && a.accountId === b.accountId;
+  }
+  return false;
+};
+var addProfile = (store, provider, credentials) => {
+  const isDuplicate = Object.values(store).some(
+    (entry2) => entry2.provider === provider && credentialsMatch(entry2.credentials, credentials)
+  );
+  if (isDuplicate) {
+    return store;
+  }
+  const id = nextProfileId(store, provider);
+  const entry = {
+    id,
+    provider,
+    type: credentials.type,
+    credentials,
+    created: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ...store, [id]: entry };
+};
+var removeProfile = (store, id) => {
+  if (store[id] === void 0) {
+    return { store, removed: false };
+  }
+  const { [id]: _removed, ...rest } = store;
+  return { store: rest, removed: true };
+};
+var listProfiles = (store) => {
+  return Object.values(store).sort(
+    (a, b) => new Date(a.created).getTime() - new Date(b.created).getTime()
+  );
+};
+var nextProfileId = (store, provider) => {
+  const prefix = `${provider}-`;
+  const maxN = Object.keys(store).filter((key) => key.startsWith(prefix)).map((key) => Number(key.slice(prefix.length))).filter((n) => !Number.isNaN(n)).reduce((max, n) => Math.max(max, n), 0);
+  return `${provider}-${maxN + 1}`;
+};
+
+// src/profiles/watcher.ts
+import { readFile as readFile2, watch } from "fs/promises";
+import { homedir as homedir2 } from "os";
+import { join as join2, dirname as dirname2 } from "path";
+var AUTH_JSON_PATH = join2(
+  homedir2(),
+  ".local",
+  "share",
+  "opencode",
+  "auth.json"
+);
+var DEBOUNCE_MS = 100;
+var readAuthJson = async (path) => {
+  try {
+    const content = await readFile2(path, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return {};
+  }
+};
+var toCredential = (entry) => {
+  if (entry.type === "oauth" || entry.refresh !== void 0 && entry.access !== void 0) {
+    return {
+      type: "oauth",
+      refresh: String(entry.refresh ?? ""),
+      access: String(entry.access ?? ""),
+      expires: Number(entry.expires ?? 0),
+      accountId: entry.accountId !== void 0 ? String(entry.accountId) : void 0
+    };
+  }
+  return {
+    type: "api-key",
+    key: String(entry.key ?? "")
+  };
+};
+var entriesEqual = (a, b) => {
+  if (a === void 0 && b === void 0) return true;
+  if (a === void 0 || b === void 0) return false;
+  return JSON.stringify(a) === JSON.stringify(b);
+};
+var createAuthWatcher = (options) => {
+  const authPath = options?.authJsonPath ?? AUTH_JSON_PATH;
+  const profPath = options?.profilesPath ?? PROFILES_PATH;
+  const log = options?.logger?.child({ component: "profile-watcher" });
+  let lastKnownAuth = {};
+  let abortController = null;
+  let debounceTimer = null;
+  let watchPromise = null;
+  const processChange = async () => {
+    const newAuth = await readAuthJson(authPath);
+    let store = await loadProfiles(profPath);
+    let changed = false;
+    for (const [provider, entry] of Object.entries(newAuth)) {
+      if (!entry) continue;
+      const previousEntry = lastKnownAuth[provider];
+      if (previousEntry !== void 0 && !entriesEqual(previousEntry, entry)) {
+        log?.info({ provider, action: "credential_changed" }, "Credential change detected \u2014 saving previous credential");
+        const prevCredential = toCredential(previousEntry);
+        const newStore = addProfile(store, provider, prevCredential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      } else if (previousEntry === void 0) {
+        log?.info({ provider, action: "new_provider" }, "New provider detected");
+        const credential = toCredential(entry);
+        const newStore = addProfile(store, provider, credential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      }
+    }
+    if (changed) {
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_saved: true }, "Profiles saved to disk");
+    }
+    lastKnownAuth = newAuth;
+  };
+  const onFileChange = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+    }
+    debounceTimer = setTimeout(() => {
+      debounceTimer = null;
+      processChange().catch((err) => {
+        log?.warn({ err }, "Error processing auth change");
+      });
+    }, DEBOUNCE_MS);
+  };
+  const start = async () => {
+    const currentAuth = await readAuthJson(authPath);
+    const currentStore = await loadProfiles(profPath);
+    log?.info({ providers: Object.keys(currentAuth) }, "Auth watcher started");
+    if (Object.keys(currentStore).length === 0 && Object.keys(currentAuth).length > 0) {
+      let store = {};
+      for (const [provider, entry] of Object.entries(currentAuth)) {
+        if (!entry) continue;
+        const credential = toCredential(entry);
+        store = addProfile(store, provider, credential);
+      }
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_initialized: Object.keys(store).length }, "Initialized profiles from auth.json");
+    }
+    lastKnownAuth = currentAuth;
+    abortController = new AbortController();
+    const parentDir = dirname2(authPath);
+    watchPromise = (async () => {
+      try {
+        const watcher = watch(parentDir, {
+          signal: abortController.signal
+        });
+        for await (const event of watcher) {
+          if (event.filename === "auth.json" || event.filename === null) {
+            onFileChange();
+          }
+        }
+      } catch (err) {
+        const name = err.name;
+        if (name !== "AbortError") {
+        }
+      }
+    })();
+  };
+  const stop = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+    if (abortController !== null) {
+      abortController.abort();
+      abortController = null;
+    }
+    watchPromise = null;
+    log?.info("Auth watcher stopped");
+  };
+  return { start, stop };
+};
+
+// src/profiles/tools.ts
+import { tool as tool2 } from "@opencode-ai/plugin/tool";
+var { schema: z4 } = tool2;
+var createProfileTools = (options) => ({
+  profilesList: tool2({
+    description: "List all saved auth profiles with provider, type, and creation date.",
+    args: {},
+    async execute() {
+      const store = await loadProfiles(options?.profilesPath);
+      const profiles = listProfiles(store);
+      const result = profiles.map((entry) => ({
+        id: entry.id,
+        provider: entry.provider,
+        type: entry.type,
+        created: entry.created
+      }));
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  profilesRemove: tool2({
+    description: "Remove a saved auth profile by ID.",
+    args: { id: z4.string().min(1) },
+    async execute(args) {
+      const store = await loadProfiles(options?.profilesPath);
+      const { store: newStore, removed } = removeProfile(store, args.id);
+      if (removed) {
+        await saveProfiles(newStore, options?.profilesPath);
+        return JSON.stringify({ success: true, id: args.id });
+      }
+      return JSON.stringify({
+        success: false,
+        id: args.id,
+        error: "Profile not found"
+      });
+    }
+  })
+});
+
+export {
+  DEFAULT_RETRY_BUDGET,
+  DEFAULT_FAILOVER_BUDGET,
+  DEFAULT_BACKOFF_BASE_MS,
+  DEFAULT_BACKOFF_MULTIPLIER,
+  DEFAULT_BACKOFF_MAX_MS,
+  DEFAULT_BACKOFF_JITTER,
+  DEFAULT_RETRY,
+  DEFAULT_TIMEOUT_MS,
+  BackoffConfigSchema,
+  TargetConfigSchema,
+  SwitcherConfigSchema,
+  ConfigValidationError,
+  validateConfig,
+  discoverTargets,
+  discoverTargetsFromProfiles,
+  INITIAL_HEALTH_SCORE,
+  DEFAULT_ALPHA,
+  updateHealthScore,
+  updateLatencyEma,
+  TargetRegistry,
+  createRegistry,
+  TARGET_STATES,
+  REDACT_PATHS,
+  createAuditLogger,
+  createRequestLogger,
+  generateCorrelationId,
+  ErrorClassSchema,
+  isRetryable,
+  getTargetStateTransition,
+  DEFAULT_BACKOFF_PARAMS,
+  computeBackoffMs,
+  createRetryPolicy,
+  EXCLUSION_REASONS,
+  ADMISSION_RESULTS,
+  createRoutingEventBus,
+  DualBreaker,
+  createCircuitBreaker,
+  createConcurrencyTracker,
+  normalizeLatency,
+  computeScore,
+  getExclusionReason,
+  selectTarget,
+  computeCooldownMs,
+  createCooldownManager,
+  checkHardRejects,
+  createAdmissionController,
+  createLogSubscriber,
+  createFailoverOrchestrator,
+  computeConfigDiff,
+  applyConfigDiff,
+  createRequestTraceBuffer,
+  listTargets,
+  pauseTarget,
+  resumeTarget,
+  drainTarget,
+  disableTarget,
+  inspectRequest,
+  reloadConfig,
+  createOperatorTools,
+  loadProfiles,
+  saveProfiles,
+  addProfile,
+  removeProfile,
+  listProfiles,
+  nextProfileId,
+  createAuthWatcher,
+  createProfileTools
+};
+//# sourceMappingURL=chunk-BTDKGS7P.js.map