@almightygpt/core 0.10.0 → 0.11.0

package/src/auth/validator.ts

@@ -72,6 +72,20 @@ export async function validateKey(
       case "google":
         result = await validateGoogle(key);
         break;
+      case "openrouter":
+        result = await validateOpenRouter(key);
+        break;
+      case "ollama":
+        // Ollama has no key — "validation" means probing the local
+        // daemon. The key arg is ignored.
+        result = await validateOllama();
+        break;
+      default: {
+        // Exhaustiveness check — TypeScript will error here if a new
+        // ProviderId is added without a switch case.
+        const _exhaustive: never = provider;
+        throw new Error(`Unknown provider: ${String(_exhaustive)}`);
+      }
     }
     result.latencyMs = Date.now() - start;
     return result;
@@ -107,7 +121,7 @@ async function validateOpenAI(key: string): Promise<ValidationResult> {
       return {
         ok: false,
         statusCode: res.status,
-        error: normalizeOpenAIError(res.status, rawBody),
+        error: normalizeOpenAIError(res.status, rawBody, key),
         rawBody,
       };
     }
@@ -142,7 +156,7 @@ async function validateAnthropic(key: string): Promise<ValidationResult> {
       return {
         ok: false,
         statusCode: res.status,
-        error: normalizeAnthropicError(res.status, rawBody),
+        error: normalizeAnthropicError(res.status, rawBody, key),
         rawBody,
       };
     }
@@ -187,34 +201,112 @@ async function validateGoogle(key: string): Promise<ValidationResult> {
   }
 }
 
+async function validateOpenRouter(key: string): Promise<ValidationResult> {
+  // OpenRouter is OpenAI-compatible at https://openrouter.ai/api/v1.
+  // Same chat-completions shape — point fetch at OR's base URL.
+  const model = DEFAULT_MODELS.openrouter;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
+  try {
+    const res = await fetch("https://openrouter.ai/api/v1/chat/completions", {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        authorization: `Bearer ${key}`,
+        "HTTP-Referer": "https://github.com/roxjayanath/almightygpt",
+        "X-Title": "AlmightyGPT validation",
+      },
+      body: JSON.stringify({
+        model,
+        messages: [{ role: "user", content: "hi" }],
+        max_tokens: 1,
+      }),
+      signal: controller.signal,
+    });
+    if (!res.ok) {
+      const rawBody = await res.text().catch(() => "");
+      return {
+        ok: false,
+        statusCode: res.status,
+        error: normalizeOpenRouterError(res.status, rawBody, key),
+        rawBody,
+      };
+    }
+    const data = (await res.json()) as { model?: string };
+    return { ok: true, model: data.model ?? model };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+async function validateOllama(): Promise<ValidationResult> {
+  // No key. Probe the local daemon at /api/tags — cheap, no model
+  // invocation. If the user has Ollama running, this confirms the
+  // adapter can reach it. Doesn't confirm the default model is
+  // pulled — that surfaces on the first real call.
+  const baseUrl = process.env["OLLAMA_BASE_URL"] ?? "http://localhost:11434";
+  const probeUrl = baseUrl.replace(/\/v1\/?$/, "") + "/api/tags";
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), 3000);
+  try {
+    const res = await fetch(probeUrl, { signal: controller.signal });
+    if (!res.ok) {
+      return {
+        ok: false,
+        statusCode: res.status,
+        error: `[${res.status}] Ollama daemon at ${baseUrl} responded with an error.`,
+      };
+    }
+    return { ok: true, model: DEFAULT_MODELS.ollama };
+  } catch (err) {
+    return {
+      ok: false,
+      error:
+        `Ollama daemon unreachable at ${baseUrl}. Is Ollama installed ` +
+        `and running? Try \`ollama serve\` or open the Ollama app.`,
+      rawBody: err instanceof Error ? err.message : String(err),
+    };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
 // ─── Error normalization (Codex v0.8 P2 #6) ──────────────────────────
 //
 // Parse known provider JSON error shapes into short, user-safe messages.
 // Never echo the raw key back even by accident (defense in depth: we
 // also redact anything that looks like the submitted key).
 
-function normalizeOpenAIError(status: number, rawBody: string): string {
+function normalizeOpenAIError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
   // OpenAI shape: { "error": { "message": "...", "type": "...", "code": "..." } }
   try {
     const parsed = JSON.parse(rawBody) as {
       error?: { message?: string; type?: string; code?: string };
     };
     const msg = parsed.error?.message;
-    if (msg) return `[${status}] OpenAI: ${truncate(msg, 200)}`;
+    if (msg) return `[${status}] OpenAI: ${truncate(redactKey(msg, submittedKey), 200)}`;
   } catch {
     /* fall through */
   }
   return statusOnlyMessage("OpenAI", status);
 }
 
-function normalizeAnthropicError(status: number, rawBody: string): string {
+function normalizeAnthropicError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
   // Anthropic shape: { "type": "error", "error": { "type": "...", "message": "..." } }
   try {
     const parsed = JSON.parse(rawBody) as {
       error?: { type?: string; message?: string };
     };
     const msg = parsed.error?.message;
-    if (msg) return `[${status}] Anthropic: ${truncate(msg, 200)}`;
+    if (msg) return `[${status}] Anthropic: ${truncate(redactKey(msg, submittedKey), 200)}`;
   } catch {
     /* fall through */
   }
@@ -231,18 +323,45 @@ function normalizeGoogleError(
     const parsed = JSON.parse(rawBody) as {
       error?: { code?: number; message?: string; status?: string };
     };
+    const msg = parsed.error?.message ?? "";
+    if (msg) return `[${status}] Google: ${truncate(redactKey(msg, submittedKey), 200)}`;
+  } catch {
+    /* fall through */
+  }
+  return statusOnlyMessage("Google", status);
+}
+
+/**
+ * Belt-and-braces: if a provider echoes the submitted key in its
+ * error body, redact before surfacing to the user. Codex's v0.8 P2 #6
+ * found this gap (originally Google-only); now applied to all three
+ * providers via this shared helper.
+ */
+function redactKey(msg: string, key: string): string {
+  if (!key || !msg.includes(key)) return msg;
+  return msg.split(key).join("<redacted-key>");
+}
+
+function normalizeOpenRouterError(
+  status: number,
+  rawBody: string,
+  submittedKey: string,
+): string {
+  // OpenRouter forwards provider errors but wraps them; shape is
+  // typically { "error": { "message": "...", "code": N } }.
+  try {
+    const parsed = JSON.parse(rawBody) as {
+      error?: { message?: string; code?: number };
+    };
     let msg = parsed.error?.message ?? "";
-    // Belt-and-braces redaction: Google sometimes echoes the key in
-    // error messages (e.g. "API key not valid. Pass a valid API key.")
-    // — we don't ship the actual key value if it ever ends up here.
     if (submittedKey && msg.includes(submittedKey)) {
       msg = msg.replace(submittedKey, "<redacted-key>");
     }
-    if (msg) return `[${status}] Google: ${truncate(msg, 200)}`;
+    if (msg) return `[${status}] OpenRouter: ${truncate(msg, 200)}`;
   } catch {
     /* fall through */
   }
-  return statusOnlyMessage("Google", status);
+  return statusOnlyMessage("OpenRouter", status);
 }
 
 function statusOnlyMessage(provider: string, status: number): string {

package/src/config/schema.ts

@@ -13,7 +13,14 @@ export const AgentRoleSchema = z.enum(["worker", "reviewer", "both", "optional"]
 export const AgentConfigSchema = z
   .object({
     enabled: z.boolean().default(true),
-    provider: z.enum(["openai", "anthropic", "google", "mock"]),
+    provider: z.enum([
+      "openai",
+      "anthropic",
+      "google",
+      "openrouter",
+      "ollama",
+      "mock",
+    ]),
     mode: z.enum(["api", "cli"]).default("api"),
     role: AgentRoleSchema.default("optional"),
     memoryFile: z.string().min(1),

package/src/index.ts

@@ -13,7 +13,7 @@
  *   - budget/     ✅ task #14 BudgetTracker + BudgetExceededError
  */
 
-export const VERSION = "0.10.0";
+export const VERSION = "0.11.0";
 
 // MCP server (v0.9.0+) — exposes AlmightyGPT's review surface as MCP tools.
 export { startMcpServer } from "./mcp/server.js";