npm - @almightygpt/core - Versions diffs - 0.9.1 → 0.9.2 - Mend

@almightygpt/core 0.9.1 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/adapters/claude.d.ts.map +1 -1
package/dist/adapters/claude.js +3 -1
package/dist/adapters/claude.js.map +1 -1
package/dist/adapters/defaults.d.ts +34 -0
package/dist/adapters/defaults.d.ts.map +1 -0
package/dist/adapters/defaults.js +41 -0
package/dist/adapters/defaults.js.map +1 -0
package/dist/adapters/gemini.d.ts.map +1 -1
package/dist/adapters/gemini.js +3 -1
package/dist/adapters/gemini.js.map +1 -1
package/dist/adapters/openai.d.ts.map +1 -1
package/dist/adapters/openai.js +3 -1
package/dist/adapters/openai.js.map +1 -1
package/dist/auth/keychain.d.ts +11 -1
package/dist/auth/keychain.d.ts.map +1 -1
package/dist/auth/keychain.js +13 -4
package/dist/auth/keychain.js.map +1 -1
package/dist/auth/resolver.d.ts.map +1 -1
package/dist/auth/resolver.js +19 -3
package/dist/auth/resolver.js.map +1 -1
package/dist/auth/types.d.ts +18 -5
package/dist/auth/types.d.ts.map +1 -1
package/dist/auth/types.js +8 -6
package/dist/auth/types.js.map +1 -1
package/dist/auth/validator.d.ts +23 -3
package/dist/auth/validator.d.ts.map +1 -1
package/dist/auth/validator.js +126 -21
package/dist/auth/validator.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1
package/src/adapters/claude.ts +3 -1
package/src/adapters/defaults.ts +44 -0
package/src/adapters/gemini.ts +3 -1
package/src/adapters/openai.ts +3 -1
package/src/auth/keychain.ts +20 -6
package/src/auth/resolver.ts +23 -3
package/src/auth/types.ts +27 -8
package/src/auth/validator.ts +149 -25
package/src/index.ts +1 -1

package/dist/auth/validator.js CHANGED Viewed

@@ -13,14 +13,20 @@
  *   - Google:    tiny generateContent call against gemini-2.5-flash
  *
  * Cost is fractions of a cent per call. Latency is ~1-3 seconds.
- * Failure surfaces the provider's exact error message so the user
- * can fix it.
+ *
+ * **Error handling (per Codex v0.8 P2 #6):** failure responses are
+ * parsed into a short user-safe message + status code. We never
+ * return the raw provider body to the user — those bodies can include
+ * request IDs, billing/account state, org/project details, quota
+ * metadata, or other account information that's too noisy for CLI
+ * logs. The raw body is available via the `rawBody` field for callers
+ * that explicitly want it (e.g. debug mode).
+ *
+ * **Default models (per Codex v0.8 P2 #5):** sourced from
+ * `adapters/defaults.ts` — the single source of truth — so the
+ * validator can't drift from the adapters.
  */
-const DEFAULT_VALIDATION_MODELS = {
-    openai: "gpt-4o",
-    anthropic: "claude-sonnet-4-6",
-    google: "gemini-2.5-flash",
-};
+import { DEFAULT_MODELS } from "../adapters/defaults.js";
 const VALIDATION_TIMEOUT_MS = 15_000;
 /**
  * Validate that a key can actually invoke the model real reviews use.
@@ -28,25 +34,33 @@ const VALIDATION_TIMEOUT_MS = 15_000;
  * on programmer errors like an unsupported provider).
  */
 export async function validateKey(provider, key) {
+    const start = Date.now();
     try {
+        let result;
         switch (provider) {
             case "openai":
-                return await validateOpenAI(key);
+                result = await validateOpenAI(key);
+                break;
             case "anthropic":
-                return await validateAnthropic(key);
+                result = await validateAnthropic(key);
+                break;
             case "google":
-                return await validateGoogle(key);
+                result = await validateGoogle(key);
+                break;
         }
+        result.latencyMs = Date.now() - start;
+        return result;
     }
     catch (err) {
         return {
             ok: false,
-            error: err instanceof Error ? err.message : String(err),
+            error: friendlyNetworkError(err),
+            latencyMs: Date.now() - start,
         };
     }
 }
 async function validateOpenAI(key) {
-    const model = DEFAULT_VALIDATION_MODELS.openai;
+    const model = DEFAULT_MODELS.openai;
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
     try {
@@ -64,7 +78,13 @@ async function validateOpenAI(key) {
             signal: controller.signal,
         });
         if (!res.ok) {
-            return { ok: false, error: await res.text().catch(() => res.statusText) };
+            const rawBody = await res.text().catch(() => "");
+            return {
+                ok: false,
+                statusCode: res.status,
+                error: normalizeOpenAIError(res.status, rawBody),
+                rawBody,
+            };
         }
         const data = (await res.json());
         return { ok: true, model: data.model ?? model };
@@ -74,7 +94,7 @@ async function validateOpenAI(key) {
     }
 }
 async function validateAnthropic(key) {
-    const model = DEFAULT_VALIDATION_MODELS.anthropic;
+    const model = DEFAULT_MODELS.anthropic;
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
     try {
@@ -93,7 +113,13 @@ async function validateAnthropic(key) {
             signal: controller.signal,
         });
         if (!res.ok) {
-            return { ok: false, error: await res.text().catch(() => res.statusText) };
+            const rawBody = await res.text().catch(() => "");
+            return {
+                ok: false,
+                statusCode: res.status,
+                error: normalizeAnthropicError(res.status, rawBody),
+                rawBody,
+            };
         }
         const data = (await res.json());
         return { ok: true, model: data.model ?? model };
@@ -103,14 +129,11 @@ async function validateAnthropic(key) {
     }
 }
 async function validateGoogle(key) {
-    const model = DEFAULT_VALIDATION_MODELS.google;
+    const model = DEFAULT_MODELS.google;
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
     try {
-        // Use x-goog-api-key header rather than ?key= URL parameter. URLs
-        // leak into proxy logs, HTTP tooling, crash diagnostics. The header
-        // path is supported by all v1beta endpoints. Codex's v0.8 security
-        // review flagged the URL-key approach as a P1.
+        // x-goog-api-key header (per v0.9.1 fix) — never the URL query.
         const url = `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent`;
         const res = await fetch(url, {
             method: "POST",
@@ -125,7 +148,13 @@ async function validateGoogle(key) {
             signal: controller.signal,
         });
         if (!res.ok) {
-            return { ok: false, error: await res.text().catch(() => res.statusText) };
+            const rawBody = await res.text().catch(() => "");
+            return {
+                ok: false,
+                statusCode: res.status,
+                error: normalizeGoogleError(res.status, rawBody, key),
+                rawBody,
+            };
         }
         return { ok: true, model };
     }
@@ -133,4 +162,80 @@ async function validateGoogle(key) {
         clearTimeout(timer);
     }
 }
+// ─── Error normalization (Codex v0.8 P2 #6) ──────────────────────────
+//
+// Parse known provider JSON error shapes into short, user-safe messages.
+// Never echo the raw key back even by accident (defense in depth: we
+// also redact anything that looks like the submitted key).
+function normalizeOpenAIError(status, rawBody) {
+    // OpenAI shape: { "error": { "message": "...", "type": "...", "code": "..." } }
+    try {
+        const parsed = JSON.parse(rawBody);
+        const msg = parsed.error?.message;
+        if (msg)
+            return `[${status}] OpenAI: ${truncate(msg, 200)}`;
+    }
+    catch {
+        /* fall through */
+    }
+    return statusOnlyMessage("OpenAI", status);
+}
+function normalizeAnthropicError(status, rawBody) {
+    // Anthropic shape: { "type": "error", "error": { "type": "...", "message": "..." } }
+    try {
+        const parsed = JSON.parse(rawBody);
+        const msg = parsed.error?.message;
+        if (msg)
+            return `[${status}] Anthropic: ${truncate(msg, 200)}`;
+    }
+    catch {
+        /* fall through */
+    }
+    return statusOnlyMessage("Anthropic", status);
+}
+function normalizeGoogleError(status, rawBody, submittedKey) {
+    // Google shape: { "error": { "code": N, "message": "...", "status": "..." } }
+    try {
+        const parsed = JSON.parse(rawBody);
+        let msg = parsed.error?.message ?? "";
+        // Belt-and-braces redaction: Google sometimes echoes the key in
+        // error messages (e.g. "API key not valid. Pass a valid API key.")
+        // — we don't ship the actual key value if it ever ends up here.
+        if (submittedKey && msg.includes(submittedKey)) {
+            msg = msg.replace(submittedKey, "<redacted-key>");
+        }
+        if (msg)
+            return `[${status}] Google: ${truncate(msg, 200)}`;
+    }
+    catch {
+        /* fall through */
+    }
+    return statusOnlyMessage("Google", status);
+}
+function statusOnlyMessage(provider, status) {
+    if (status === 401 || status === 403) {
+        return `[${status}] ${provider} rejected the key (unauthorized).`;
+    }
+    if (status === 429) {
+        return `[${status}] ${provider} rate-limited or quota exceeded.`;
+    }
+    if (status >= 500) {
+        return `[${status}] ${provider} returned a server error; try again.`;
+    }
+    return `[${status}] ${provider} returned an unrecognized error.`;
+}
+function truncate(s, n) {
+    return s.length <= n ? s : s.slice(0, n - 1) + "…";
+}
+function friendlyNetworkError(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("abort")) {
+        return "Validation timed out (network or provider too slow).";
+    }
+    if (msg.includes("ENOTFOUND") || msg.includes("ECONNREFUSED")) {
+        return "Could not reach the provider (network issue).";
+    }
+    // Generic — but never include random stack data; just the message.
+    return `Network error: ${truncate(msg, 200)}`;
+}
 //# sourceMappingURL=validator.js.map

package/dist/auth/validator.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/auth/validator.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;GAiBG~~;~~AAYH~~,~~MAAM~~,~~yBAAyB,GAA+B;IAC5D,MAAM,~~EAAE,~~QAAQ;IAChB~~,~~SAAS,~~EAAE,~~mBAAmB;IAC9B,~~MAAM,~~EAAE~~,~~kBAAkB;CAC3B,~~CAAC;~~AAEF~~,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAErC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAoB,EACpB,GAAW;IAEX,IAAI,CAAC;QACH,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,~~OAAO~~,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;~~YACnC~~,KAAK,WAAW;gBACd,~~OAAO~~,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;~~YACtC~~,KAAK,QAAQ;gBACX,~~OAAO~~,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;~~QACrC~~,CAAC;~~IACH~~,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,~~GAAG~~,~~YAAY,KAAK,~~CAAC,~~CAAC,CAAC,~~GAAG,CAAC,~~OAAO~~,~~CAAC~~,~~CAAC~~,CAAC,~~MAAM~~,~~CAAC~~,GAAG,~~CAAC~~;~~SACxD~~,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,~~yBAAyB~~,CAAC,MAAM,CAAC;~~IAC/C~~,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,GAAG,EAAE;aAC/B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;gBAC3C,UAAU,EAAE,CAAC;aACd,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,~~EAAE~~,~~EAAE~~,~~EAAE~~,~~KAAK~~,EAAE,KAAK,EAAE,~~MAAM~~,~~GAAG~~,CAAC,~~IAAI~~,EAAE,~~CAAC~~,KAAK,~~CAAC~~,GAAG,EAAE,CAAC,GAAG,CAAC,~~UAAU~~,CAAC,~~EAAE~~,CAAC;~~QAC5E~~,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;IAClD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAW;IAC1C,MAAM,KAAK,GAAG,~~yBAAyB~~,CAAC,SAAS,CAAC;~~IAClD~~,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,uCAAuC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,GAAG;gBAChB,mBAAmB,EAAE,YAAY;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,UAAU,EAAE,CAAC;gBACb,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;aAC5C,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,~~EAAE~~,~~EAAE~~,~~EAAE~~,~~KAAK~~,EAAE,KAAK,EAAE,~~MAAM~~,~~GAAG~~,CAAC,~~IAAI~~,EAAE,~~CAAC~~,KAAK,~~CAAC~~,GAAG,EAAE,CAAC,GAAG,CAAC,~~UAAU~~,CAAC,~~EAAE~~,CAAC;~~QAC5E~~,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;IAClD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,~~yBAAyB~~,CAAC,MAAM,CAAC;~~IAC/C~~,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,~~kEAAkE~~;~~QAClE~~,~~oEAAoE;QACpE,mEAAmE;QACnE,+CAA+C;QAC/C,~~MAAM,GAAG,~~GACP~~,2DAA2D,KAAK,kBAAkB,CAAC;~~QACrF~~,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,GAAG;aACtB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;gBACvC,gBAAgB,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;aACzC,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,~~UAAU~~,CAAC,EAAE,CAAC;~~QAC5E~~,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;~~IAC7B~~,CAAC;~~YAAS~~,CAAC;~~QACT~~,~~YAAY~~,CAAC,KAAK,CAAC,CAAC;~~IACtB~~,CAAC;~~AACH~~,CAAC"}
1	+ {"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/auth/validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAoBzD,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAErC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAoB,EACpB,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,IAAI,MAAwB,CAAC;QAC7B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;gBACtC,MAAM;YACR,KAAK,QAAQ;gBACX,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;gBACnC,MAAM;QACV,CAAC;QACD,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC9B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC;IACpC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,GAAG,EAAE;aAC/B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;gBAC3C,UAAU,EAAE,CAAC;aACd,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACjD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,UAAU,EAAE,GAAG,CAAC,MAAM;gBACtB,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC;gBAChD,OAAO;aACR,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;IAClD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAW;IAC1C,MAAM,KAAK,GAAG,cAAc,CAAC,SAAS,CAAC;IACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,uCAAuC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,GAAG;gBAChB,mBAAmB,EAAE,YAAY;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK;gBACL,UAAU,EAAE,CAAC;gBACb,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;aAC5C,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACjD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,UAAU,EAAE,GAAG,CAAC,MAAM;gBACtB,KAAK,EAAE,uBAAuB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC;gBACnD,OAAO;aACR,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;IAClD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC;IACpC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;IAC1E,IAAI,CAAC;QACH,gEAAgE;QAChE,MAAM,GAAG,GAAG,2DAA2D,KAAK,kBAAkB,CAAC;QAC/F,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,GAAG;aACtB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;gBACvC,gBAAgB,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;aACzC,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACjD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,UAAU,EAAE,GAAG,CAAC,MAAM;gBACtB,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC;gBACrD,OAAO;aACR,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,EAAE;AACF,yEAAyE;AACzE,qEAAqE;AACrE,2DAA2D;AAE3D,SAAS,oBAAoB,CAAC,MAAc,EAAE,OAAe;IAC3D,gFAAgF;IAChF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAEhC,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC;QAClC,IAAI,GAAG;YAAE,OAAO,IAAI,MAAM,aAAa,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IACD,OAAO,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAc,EAAE,OAAe;IAC9D,qFAAqF;IACrF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAEhC,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC;QAClC,IAAI,GAAG;YAAE,OAAO,IAAI,MAAM,gBAAgB,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IACD,OAAO,iBAAiB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAc,EACd,OAAe,EACf,YAAoB;IAEpB,8EAA8E;IAC9E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAEhC,CAAC;QACF,IAAI,GAAG,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;QACtC,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,IAAI,YAAY,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/C,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,GAAG;YAAE,OAAO,IAAI,MAAM,aAAa,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IACD,OAAO,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,MAAc;IACzD,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACrC,OAAO,IAAI,MAAM,KAAK,QAAQ,mCAAmC,CAAC;IACpE,CAAC;IACD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,OAAO,IAAI,MAAM,KAAK,QAAQ,kCAAkC,CAAC;IACnE,CAAC;IACD,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;QAClB,OAAO,IAAI,MAAM,KAAK,QAAQ,sCAAsC,CAAC;IACvE,CAAC;IACD,OAAO,IAAI,MAAM,KAAK,QAAQ,kCAAkC,CAAC;AACnE,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AACrD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY;IACxC,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,sDAAsD,CAAC;IAChE,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC9D,OAAO,+CAA+C,CAAC;IACzD,CAAC;IACD,mEAAmE;IACnE,OAAO,kBAAkB,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAChD,CAAC"}

package/dist/index.d.ts CHANGED Viewed

@@ -12,7 +12,7 @@
  *   - review/     ✅ task #11 diff review pipeline (with #12/#13/#14 wiring)
  *   - budget/     ✅ task #14 BudgetTracker + BudgetExceededError
  */
-export declare const VERSION = "0.9.1";
+export declare const VERSION = "0.9.2";
 export { startMcpServer } from "./mcp/server.js";
 export { checkGitStatus, assertSafeToWrite, GitStatusDirtyError, type GitStatusCheck, } from "./git/status.js";
 export { installTemplate, hasExistingConfig, type InstallOptions, type InstallResult, } from "./templates/install.js";

package/dist/index.js CHANGED Viewed

@@ -12,7 +12,7 @@
  *   - review/     ✅ task #11 diff review pipeline (with #12/#13/#14 wiring)
  *   - budget/     ✅ task #14 BudgetTracker + BudgetExceededError
  */
-export const VERSION = "0.9.1";
+export const VERSION = "0.9.2";
 // MCP server (v0.9.0+) — exposes AlmightyGPT's review surface as MCP tools.
 export { startMcpServer } from "./mcp/server.js";
 // Git safety primitives

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@almightygpt/core",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "description": "Core orchestrator, adapters, config, runs, and review logic for AlmightyGPT",
   "license": "MIT",
   "type": "module",

package/src/adapters/claude.ts CHANGED Viewed

@@ -22,6 +22,7 @@ import {
   type AdapterOutput,
 } from "./types.js";
 import { resolveApiKey } from "../auth/resolver.js";
+import { DEFAULT_MODELS } from "./defaults.js";
 const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
   // Claude 4.x family (current)
@@ -35,7 +36,8 @@ const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
   "claude-3-opus": { input: 15.0, output: 75.0 },
 };
-const DEFAULT_MODEL = "claude-sonnet-4-6";
+// Default lives in adapters/defaults.ts so validator + adapter can't drift.
+const DEFAULT_MODEL = DEFAULT_MODELS.anthropic;
 export interface ClaudeAdapterOptions {
   apiKey?: string;

package/src/adapters/defaults.ts ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Single source of truth for each adapter's default model.
+ *
+ * Per Codex's v0.8 security review (P2): the validator previously
+ * hardcoded a separate `DEFAULT_VALIDATION_MODELS` constant that
+ * could drift from the adapters' defaults. We already paid the
+ * cost of one drift incident (v0.7.1, the `claude-3-5-sonnet-latest`
+ * 404 after Anthropic retired the alias) — having two drift surfaces
+ * for the same fact would have made the next one worse.
+ *
+ * Now both the adapters AND the validator import from here. Updating
+ * a default in one place updates everywhere.
+ *
+ * When you change a default model:
+ *   1. Update the value here.
+ *   2. Confirm the pricing entry in the adapter still covers the new
+ *      model (`startsWith` matching means `claude-sonnet-5-X` still
+ *      hits the `claude-sonnet-5` pricing entry, but a new family
+ *      needs a new entry).
+ *   3. Update the comment in the relevant adapter's header block.
+ */
+import type { ProviderId } from "../auth/types.js";
+/**
+ * Default model per provider used by both the adapter (when no
+ * per-call override is passed) and the auth validator (the
+ * model-level validation call).
+ */
+export const DEFAULT_MODELS: Record<ProviderId, string> = {
+  openai: "gpt-4o",
+  anthropic: "claude-sonnet-4-6",
+  google: "gemini-2.5-flash",
+};
+/**
+ * Pretty name for each provider — used in CLI prompts, error
+ * messages, and the wizard UI.
+ */
+export const PROVIDER_PRETTY_NAME: Record<ProviderId, string> = {
+  openai: "OpenAI",
+  anthropic: "Anthropic",
+  google: "Google",
+};

package/src/adapters/gemini.ts CHANGED Viewed

@@ -30,6 +30,7 @@ import {
   type AdapterOutput,
 } from "./types.js";
 import { resolveApiKey } from "../auth/resolver.js";
+import { DEFAULT_MODELS } from "./defaults.js";
 const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
   "gemini-2.5-pro": { input: 1.25, output: 10.0 },
@@ -46,7 +47,8 @@ const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
 // field lands in v0.3) or by constructing the adapter directly. For code
 // review of typical-sized diffs, flash quality is sufficient — pro pays for
 // itself only on very large diffs or complex reasoning chains.
-const DEFAULT_MODEL = "gemini-2.5-flash";
+// Default lives in adapters/defaults.ts so validator + adapter can't drift.
+const DEFAULT_MODEL = DEFAULT_MODELS.google;
 export interface GeminiAdapterOptions {
   apiKey?: string;

package/src/adapters/openai.ts CHANGED Viewed

@@ -15,6 +15,7 @@
 import OpenAI from "openai";
 import { AdapterError, type Adapter, type AdapterInput, type AdapterOutput } from "./types.js";
 import { resolveApiKey } from "../auth/resolver.js";
+import { DEFAULT_MODELS } from "./defaults.js";
 /** USD per 1M tokens, by model. Lowercased keys. */
 const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
@@ -24,7 +25,8 @@ const PRICING_USD_PER_1M: Record<string, { input: number; output: number }> = {
   "gpt-3.5-turbo": { input: 0.5, output: 1.5 },
 };
-const DEFAULT_MODEL = "gpt-4o";
+// Default lives in adapters/defaults.ts so validator + adapter can't drift.
+const DEFAULT_MODEL = DEFAULT_MODELS.openai;
 export interface OpenAIAdapterOptions {
   /** Override the API key source. Defaults to process.env.OPENAI_API_KEY. */

package/src/auth/keychain.ts CHANGED Viewed

@@ -20,9 +20,15 @@ import type { ProviderId } from "./types.js";
 const KEYCHAIN_SERVICE = "almightygpt";
+/** Result of a keychain `get` — distinguishes "no entry" from "read failed". */
+export type KeychainGetResult =
+  | { kind: "found"; key: string }
+  | { kind: "absent" }
+  | { kind: "error"; message: string };
 export interface KeychainAdapter {
   available: boolean;
-  get(provider: ProviderId): Promise<string | undefined>;
+  get(provider: ProviderId): Promise<KeychainGetResult>;
   set(provider: ProviderId, key: string): Promise<void>;
   remove(provider: ProviderId): Promise<boolean>;
   /** Optional diagnostic — backend name, or "unavailable". */
@@ -68,12 +74,20 @@ async function loadKeychain(): Promise<KeychainAdapter> {
     return {
       available: true,
       describeBackend: () => detectBackend(),
-      async get(provider) {
+      async get(provider): Promise<KeychainGetResult> {
         try {
           const v = entryFor(provider).getPassword();
-          return v === null ? undefined : v;
-        } catch {
-          return undefined;
+          if (v === null || v === undefined) return { kind: "absent" };
+          return { kind: "found", key: v };
+        } catch (err) {
+          // Real read failure — do NOT collapse into "absent". Codex's
+          // v0.8 review (P2 #4): silent fallthrough hid macOS Keychain
+          // denied access, Secret Service unavailability, corrupted
+          // entries, native-binding faults. Bubble up instead.
+          return {
+            kind: "error",
+            message: err instanceof Error ? err.message : String(err),
+          };
         }
       },
       async set(provider, key) {
@@ -99,7 +113,7 @@ function makeUnavailable(reason: string): KeychainAdapter {
     available: false,
     describeBackend: () => `unavailable (${reason})`,
     async get() {
-      return undefined;
+      return { kind: "absent" };
     },
     async set() {
       throw new Error(

package/src/auth/resolver.ts CHANGED Viewed

@@ -53,10 +53,20 @@ export async function resolveApiKey(
   if (!options.skipKeychain) {
     const keychain = await getKeychain();
     if (keychain.available) {
-      const v = await keychain.get(provider);
-      if (v && v.length > 0) {
-        return { provider, source: "keychain", key: v };
+      const result = await keychain.get(provider);
+      if (result.kind === "found" && result.key.length > 0) {
+        return { provider, source: "keychain", key: result.key };
       }
+      if (result.kind === "error") {
+        // Per Codex's v0.8 review (P2 #4) — surface as a distinct state
+        // so the user sees "stored but couldn't be read" not "missing".
+        return {
+          provider,
+          source: "keychain_error",
+          keychainError: result.message,
+        };
+      }
+      // kind === "absent" → fall through to "missing".
     }
   }
@@ -77,5 +87,15 @@ export async function requireApiKey(
     const primaryEnv = PROVIDER_ENV_VARS[provider][0]!;
     throw new AuthMissingError(provider, primaryEnv);
   }
+  if (resolved.source === "keychain_error") {
+    const primaryEnv = PROVIDER_ENV_VARS[provider][0]!;
+    throw new AuthMissingError(
+      provider,
+      primaryEnv,
+      `Keychain read failed: ${resolved.keychainError ?? "unknown error"}. ` +
+        `Set ${primaryEnv} as a per-process override, or fix the keychain ` +
+        `state (the entry exists but the OS denied or failed the read).`,
+    );
+  }
   return resolved.key!;
 }

package/src/auth/types.ts CHANGED Viewed

@@ -19,29 +19,48 @@
 export type ProviderId = "openai" | "anthropic" | "google";
-export type KeySource = "explicit" | "env" | "keychain" | "missing";
+/**
+ * Where a resolved API key came from.
+ *
+ * `keychain_error` is a distinct state from `missing` — per Codex's
+ * v0.8 security review, silently treating a keychain read failure as
+ * "no key" hides important states (denied access, daemon unavailable,
+ * corrupted entry, native binding fault). Callers can choose to fall
+ * back or surface the error, but the resolver no longer pretends the
+ * key simply doesn't exist.
+ */
+export type KeySource =
+  | "explicit"
+  | "env"
+  | "keychain"
+  | "keychain_error"
+  | "missing";
 export interface KeyResolution {
   provider: ProviderId;
   source: KeySource;
-  /** Present iff source !== "missing". */
+  /** Present iff source resolves to a usable key. */
   key?: string;
   /** Which env var was used (only set when source === "env"). */
   envVar?: string;
+  /** Human-readable diagnostic when source === "keychain_error". */
+  keychainError?: string;
 }
 /**
- * Thrown when no key is found in any source. Caller should surface
- * the message verbatim — it tells the user exactly how to fix it.
+ * Thrown when no key is found in any source (or when keychain read failed).
+ * Caller should surface the message verbatim — it tells the user exactly
+ * how to fix it.
  */
 export class AuthMissingError extends Error {
   readonly provider: ProviderId;
   readonly envVar: string;
-  constructor(provider: ProviderId, envVar: string) {
+  constructor(provider: ProviderId, envVar: string, customMessage?: string) {
     super(
-      `No API key found for ${provider}. ` +
-        `Run "almightygpt auth ${provider}" to set one up interactively, ` +
-        `or export ${envVar} in your shell.`,
+      customMessage ??
+        `No API key found for ${provider}. ` +
+          `Run "almightygpt auth ${provider}" to set one up interactively, ` +
+          `or export ${envVar} in your shell.`,
     );
     this.name = "AuthMissingError";
     this.provider = provider;