@chllming/wave-orchestration 0.9.1 → 0.9.2

package/scripts/wave-orchestrator/config.mjs

@@ -73,12 +73,22 @@ export const DEFAULT_CODEX_SANDBOX_MODE = "danger-full-access";
 export const CODEX_SANDBOX_MODES = ["read-only", "workspace-write", "danger-full-access"];
 export const DEFAULT_CLAUDE_COMMAND = "claude";
 export const DEFAULT_OPENCODE_COMMAND = "opencode";
-export const DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR = "WAVE_CONTROL_AUTH_TOKEN";
+export const DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR = "WAVE_API_TOKEN";
+export const LEGACY_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR = "WAVE_CONTROL_AUTH_TOKEN";
 export const DEFAULT_WAVE_CONTROL_ENDPOINT = "https://wave-control.up.railway.app/api/v1";
 export const DEFAULT_WAVE_CONTROL_REPORT_MODE = "metadata-only";
 export const DEFAULT_WAVE_CONTROL_REQUEST_TIMEOUT_MS = 5000;
 export const DEFAULT_WAVE_CONTROL_FLUSH_BATCH_SIZE = 25;
 export const DEFAULT_WAVE_CONTROL_MAX_PENDING_EVENTS = 1000;
+export const WAVE_CONTROL_RUNTIME_CREDENTIAL_PROVIDERS = ["anthropic", "openai"];
+export const EXTERNAL_PROVIDER_MODES = ["direct", "broker", "hybrid"];
+export const DEFAULT_CONTEXT7_API_KEY_ENV_VAR = "CONTEXT7_API_KEY";
+export const DEFAULT_CORRIDOR_API_TOKEN_ENV_VAR = "CORRIDOR_API_TOKEN";
+export const DEFAULT_CORRIDOR_API_KEY_FALLBACK_ENV_VAR = "CORRIDOR_API_KEY";
+export const DEFAULT_CORRIDOR_BASE_URL = "https://app.corridor.dev/api";
+export const DEFAULT_CORRIDOR_SEVERITY_THRESHOLD = "critical";
+export const DEFAULT_CORRIDOR_FINDING_STATES = ["open", "potential"];
+export const CORRIDOR_SEVERITY_LEVELS = ["low", "medium", "high", "critical"];
 export const DEFAULT_WAVE_CONTROL_SELECTED_ARTIFACT_KINDS = [
   "trace-run-metadata",
   "trace-quality",
@@ -295,6 +305,103 @@ function normalizeOptionalJsonObject(value, label) {
   throw new Error(`${label} must be a JSON object`);
 }
 
+function normalizeExternalProviderMode(value, label, fallback = "direct") {
+  const normalized = String(value || fallback)
+    .trim()
+    .toLowerCase();
+  if (!EXTERNAL_PROVIDER_MODES.includes(normalized)) {
+    throw new Error(`${label} must be one of: ${EXTERNAL_PROVIDER_MODES.join(", ")}`);
+  }
+  return normalized;
+}
+
+function normalizeCorridorSeverity(value, label, fallback = DEFAULT_CORRIDOR_SEVERITY_THRESHOLD) {
+  const normalized = String(value || fallback)
+    .trim()
+    .toLowerCase();
+  if (!CORRIDOR_SEVERITY_LEVELS.includes(normalized)) {
+    throw new Error(`${label} must be one of: ${CORRIDOR_SEVERITY_LEVELS.join(", ")}`);
+  }
+  return normalized;
+}
+
+function normalizeExternalProviders(rawExternalProviders = {}, label = "externalProviders") {
+  const externalProviders =
+    rawExternalProviders &&
+    typeof rawExternalProviders === "object" &&
+    !Array.isArray(rawExternalProviders)
+      ? rawExternalProviders
+      : {};
+  const context7 =
+    externalProviders.context7 &&
+    typeof externalProviders.context7 === "object" &&
+    !Array.isArray(externalProviders.context7)
+      ? externalProviders.context7
+      : {};
+  const corridor =
+    externalProviders.corridor &&
+    typeof externalProviders.corridor === "object" &&
+    !Array.isArray(externalProviders.corridor)
+      ? externalProviders.corridor
+      : {};
+  const context7Mode = normalizeExternalProviderMode(
+    context7.mode,
+    `${label}.context7.mode`,
+    "direct",
+  );
+  const corridorMode = normalizeExternalProviderMode(
+    corridor.mode,
+    `${label}.corridor.mode`,
+    "direct",
+  );
+  const normalized = {
+    context7: {
+      mode: context7Mode,
+      apiKeyEnvVar:
+        normalizeOptionalString(
+          context7.apiKeyEnvVar,
+          DEFAULT_CONTEXT7_API_KEY_ENV_VAR,
+        ) || DEFAULT_CONTEXT7_API_KEY_ENV_VAR,
+    },
+    corridor: {
+      enabled: normalizeOptionalBoolean(corridor.enabled, false),
+      mode: corridorMode,
+      baseUrl: normalizeOptionalString(corridor.baseUrl, DEFAULT_CORRIDOR_BASE_URL),
+      apiTokenEnvVar:
+        normalizeOptionalString(
+          corridor.apiTokenEnvVar,
+          DEFAULT_CORRIDOR_API_TOKEN_ENV_VAR,
+        ) || DEFAULT_CORRIDOR_API_TOKEN_ENV_VAR,
+      apiKeyFallbackEnvVar:
+        normalizeOptionalString(
+          corridor.apiKeyFallbackEnvVar,
+          DEFAULT_CORRIDOR_API_KEY_FALLBACK_ENV_VAR,
+        ) || DEFAULT_CORRIDOR_API_KEY_FALLBACK_ENV_VAR,
+      teamId: normalizeOptionalString(corridor.teamId, null),
+      projectId: normalizeOptionalString(corridor.projectId, null),
+      severityThreshold: normalizeCorridorSeverity(
+        corridor.severityThreshold,
+        `${label}.corridor.severityThreshold`,
+      ),
+      findingStates: normalizeOptionalStringArray(
+        corridor.findingStates,
+        DEFAULT_CORRIDOR_FINDING_STATES,
+      ),
+      requiredAtClosure: normalizeOptionalBoolean(corridor.requiredAtClosure, true),
+    },
+  };
+  if (
+    normalized.corridor.enabled &&
+    normalized.corridor.mode === "direct" &&
+    (!normalized.corridor.teamId || !normalized.corridor.projectId)
+  ) {
+    throw new Error(
+      `${label}.corridor.teamId and ${label}.corridor.projectId are required when corridor is enabled in direct mode`,
+    );
+  }
+  return normalized;
+}
+
 function normalizeExecutorBudget(rawBudget = {}, label = "budget") {
   const budget =
     rawBudget && typeof rawBudget === "object" && !Array.isArray(rawBudget) ? rawBudget : {};
@@ -578,6 +685,31 @@ function normalizeWaveControl(rawWaveControl = {}, label = "waveControl") {
     rawWaveControl && typeof rawWaveControl === "object" && !Array.isArray(rawWaveControl)
       ? rawWaveControl
       : {};
+  const credentials = Array.isArray(waveControl.credentials) ? waveControl.credentials : [];
+  const normalizedCredentials = [];
+  const seenCredentialEnvVars = new Set();
+  for (const [index, entry] of credentials.entries()) {
+    if (!entry || typeof entry !== "object" || Array.isArray(entry)) {
+      throw new Error(`${label}.credentials[${index}] must be an object with id and envVar.`);
+    }
+    const id = String(entry.id || "").trim().toLowerCase();
+    if (!/^[a-z0-9][a-z0-9._-]*$/.test(id)) {
+      throw new Error(
+        `${label}.credentials[${index}].id must match /^[a-z0-9][a-z0-9._-]*$/.`,
+      );
+    }
+    const envVar = String(entry.envVar || "").trim().toUpperCase();
+    if (!/^[A-Z_][A-Z0-9_]*$/.test(envVar)) {
+      throw new Error(
+        `${label}.credentials[${index}].envVar must match /^[A-Z_][A-Z0-9_]*$/.`,
+      );
+    }
+    if (seenCredentialEnvVars.has(envVar)) {
+      throw new Error(`${label}.credentials contains duplicate envVar mappings for ${envVar}.`);
+    }
+    seenCredentialEnvVars.add(envVar);
+    normalizedCredentials.push({ id, envVar });
+  }
   const reportMode = normalizeWaveControlReportMode(
     waveControl.reportMode,
     `${label}.reportMode`,
@@ -591,8 +723,36 @@ function normalizeWaveControl(rawWaveControl = {}, label = "waveControl") {
     workspaceId: normalizeOptionalString(waveControl.workspaceId, null),
     projectId: normalizeOptionalString(waveControl.projectId, null),
     authTokenEnvVar:
-      normalizeOptionalString(waveControl.authTokenEnvVar, DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR) ||
-      DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+      normalizeOptionalString(
+        waveControl.authTokenEnvVar,
+        DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+      ) || DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+    authTokenEnvVars: Array.from(
+      new Set(
+        normalizeOptionalStringArray(
+          waveControl.authTokenEnvVars,
+          [
+            normalizeOptionalString(
+              waveControl.authTokenEnvVar,
+              DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+            ) || DEFAULT_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+            LEGACY_WAVE_CONTROL_AUTH_TOKEN_ENV_VAR,
+          ],
+        ),
+      ),
+    ),
+    credentialProviders: normalizeOptionalStringArray(waveControl.credentialProviders, []).map(
+      (providerId, index) => {
+        const normalized = String(providerId || "").trim().toLowerCase();
+        if (!WAVE_CONTROL_RUNTIME_CREDENTIAL_PROVIDERS.includes(normalized)) {
+          throw new Error(
+            `${label}.credentialProviders[${index}] must be one of: ${WAVE_CONTROL_RUNTIME_CREDENTIAL_PROVIDERS.join(", ")}`,
+          );
+        }
+        return normalized;
+      },
+    ),
+    credentials: normalizedCredentials,
     reportMode,
     uploadArtifactKinds: normalizeOptionalStringArray(
       waveControl.uploadArtifactKinds,
@@ -1109,6 +1269,7 @@ export function loadWaveConfig(configPath = DEFAULT_WAVE_CONFIG_PATH) {
           capabilityRouting: rawProject.capabilityRouting || {},
           runtimePolicy: rawProject.runtimePolicy || {},
           waveControl: rawProject.waveControl || {},
+          externalProviders: rawProject.externalProviders || {},
           lanes: projectLanes,
           explicit: Boolean(rawProjects),
         },
@@ -1130,6 +1291,10 @@ export function loadWaveConfig(configPath = DEFAULT_WAVE_CONFIG_PATH) {
     capabilityRouting: normalizeCapabilityRouting(rawConfig.capabilityRouting),
     runtimePolicy: normalizeRuntimePolicy(rawConfig.runtimePolicy),
     waveControl: normalizeWaveControl(rawConfig.waveControl, "waveControl"),
+    externalProviders: normalizeExternalProviders(
+      rawConfig.externalProviders,
+      "externalProviders",
+    ),
     sharedPlanDocs,
     lanes: legacyLanes,
     projects,
@@ -1182,6 +1347,21 @@ export function resolveProjectProfile(config, projectInput = config.defaultProje
       ...config.runtimePolicy,
       ...(projectConfig.runtimePolicy || {}),
     }),
+    externalProviders: normalizeExternalProviders(
+      {
+        ...config.externalProviders,
+        ...(projectConfig.externalProviders || {}),
+        context7: {
+          ...(config.externalProviders?.context7 || {}),
+          ...(projectConfig.externalProviders?.context7 || {}),
+        },
+        corridor: {
+          ...(config.externalProviders?.corridor || {}),
+          ...(projectConfig.externalProviders?.corridor || {}),
+        },
+      },
+      `projects.${projectId}.externalProviders`,
+    ),
     waveControl: normalizeWaveControl(
       {
         ...config.waveControl,
@@ -1256,6 +1436,21 @@ export function resolveLaneProfile(config, laneInput = config.defaultLane, proje
     },
     `${lane}.waveControl`,
   );
+  const externalProviders = normalizeExternalProviders(
+    {
+      ...projectProfile.externalProviders,
+      ...(laneConfig.externalProviders || {}),
+      context7: {
+        ...(projectProfile.externalProviders?.context7 || {}),
+        ...(laneConfig.externalProviders?.context7 || {}),
+      },
+      corridor: {
+        ...(projectProfile.externalProviders?.corridor || {}),
+        ...(laneConfig.externalProviders?.corridor || {}),
+      },
+    },
+    `${lane}.externalProviders`,
+  );
   return {
     projectId: projectProfile.projectId,
     projectName: projectProfile.projectName,
@@ -1276,6 +1471,7 @@ export function resolveLaneProfile(config, laneInput = config.defaultLane, proje
     skills,
     capabilityRouting,
     runtimePolicy,
+    externalProviders,
     waveControl,
     paths: {
       terminalsPath: normalizeRepoRelativePath(

package/scripts/wave-orchestrator/context7.mjs

@@ -9,6 +9,15 @@ import {
   sleep,
   writeJsonAtomic,
 } from "./shared.mjs";
+import {
+  DEFAULT_CONTEXT7_API_KEY_ENV_VAR,
+  DEFAULT_WAVE_CONTROL_ENDPOINT,
+} from "./config.mjs";
+import {
+  isDefaultWaveControlEndpoint,
+  readJsonResponse,
+  resolveWaveControlAuthToken,
+} from "./provider-runtime.mjs";
 
 export const DEFAULT_CONTEXT7_BUNDLE_INDEX_PATH = path.join(
   REPO_ROOT,
@@ -277,16 +286,10 @@ function renderPrefetchedContextText({ selection, results, budget }) {
   return trimContextText(sections.join("\n\n"), budget);
 }
 
-async function requestContext7(fetchImpl, url, { apiKey, expectText = false, maxRetries = 3 } = {}) {
+async function requestContext7(fetchImpl, request, { expectText = false, maxRetries = 3 } = {}) {
   let lastError = null;
   for (let attempt = 0; attempt < maxRetries; attempt += 1) {
-    const response = await fetchImpl(url, {
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${apiKey}`,
-        Accept: expectText ? "text/plain, application/json" : "application/json",
-      },
-    });
+    const response = await request();
     if (response.ok) {
       return expectText ? response.text() : response.json();
     }
@@ -296,7 +299,7 @@ async function requestContext7(fetchImpl, url, { apiKey, expectText = false, max
       : 0;
     let payload = null;
     try {
-      payload = await response.json();
+      payload = await readJsonResponse(response, null);
     } catch {
       payload = null;
     }
@@ -311,7 +314,193 @@ async function requestContext7(fetchImpl, url, { apiKey, expectText = false, max
   throw lastError || new Error("Context7 request failed.");
 }
 
-async function resolveLibraryId(fetchImpl, library, selection, apiKey) {
+function buildDirectContext7Requester(fetchImpl, apiKey) {
+  return {
+    async search(params) {
+      const url = `${CONTEXT7_SEARCH_URL}?${params.toString()}`;
+      return requestContext7(
+        fetchImpl,
+        () =>
+          fetchImpl(url, {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${apiKey}`,
+              Accept: "application/json",
+            },
+          }),
+      );
+    },
+    async context(params) {
+      const url = `${CONTEXT7_CONTEXT_URL}?${params.toString()}`;
+      return requestContext7(
+        fetchImpl,
+        () =>
+          fetchImpl(url, {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${apiKey}`,
+              Accept: "text/plain, application/json",
+            },
+          }),
+        { expectText: true },
+      );
+    },
+  };
+}
+
+function buildBrokerContext7Requester(fetchImpl, lanePaths) {
+  const waveControl = lanePaths?.waveControl || lanePaths?.laneProfile?.waveControl || {};
+  const endpoint = String(waveControl.endpoint || DEFAULT_WAVE_CONTROL_ENDPOINT).trim();
+  if (!endpoint || isDefaultWaveControlEndpoint(endpoint)) {
+    throw new Error("Context7 broker mode requires an owned Wave Control endpoint.");
+  }
+  const authToken = resolveWaveControlAuthToken(waveControl);
+  if (!authToken) {
+    throw new Error("WAVE_API_TOKEN is not set; skipping Context7 broker prefetch.");
+  }
+  const baseEndpoint = endpoint.replace(/\/$/, "");
+  return {
+    async search(params) {
+      return requestContext7(
+        fetchImpl,
+        () =>
+          fetchImpl(`${baseEndpoint}/providers/context7/search?${params.toString()}`, {
+            method: "GET",
+            headers: {
+              authorization: `Bearer ${authToken}`,
+              accept: "application/json",
+            },
+          }),
+      );
+    },
+    async context(params) {
+      return requestContext7(
+        fetchImpl,
+        () =>
+          fetchImpl(`${baseEndpoint}/providers/context7/context?${params.toString()}`, {
+            method: "GET",
+            headers: {
+              authorization: `Bearer ${authToken}`,
+              accept: "text/plain, application/json",
+            },
+          }),
+        { expectText: true },
+      );
+    },
+  };
+}
+
+function buildHybridContext7Requester({
+  lanePaths,
+  fetchImpl,
+  directApiKey,
+  directApiKeyEnvVar,
+}) {
+  const brokerRequester = buildBrokerContext7Requester(fetchImpl, lanePaths);
+  let directRequester = null;
+  let activeProviderMode = "broker";
+  let fallbackWarning = "";
+
+  const resolveDirectRequester = () => {
+    if (directRequester) {
+      return directRequester;
+    }
+    if (!directApiKey) {
+      throw new Error(`${directApiKeyEnvVar} is not set; skipping Context7 prefetch.`);
+    }
+    directRequester = buildDirectContext7Requester(fetchImpl, directApiKey);
+    return directRequester;
+  };
+
+  const runWithFallback = async (method, params) => {
+    if (activeProviderMode === "direct") {
+      return resolveDirectRequester()[method](params);
+    }
+    try {
+      return await brokerRequester[method](params);
+    } catch (brokerError) {
+      let fallbackRequester = null;
+      try {
+        fallbackRequester = resolveDirectRequester();
+      } catch (fallbackUnavailableError) {
+        throw new Error(
+          `Context7 broker request failed and direct fallback is unavailable: ${brokerError instanceof Error ? brokerError.message : String(brokerError)}; ${fallbackUnavailableError instanceof Error ? fallbackUnavailableError.message : String(fallbackUnavailableError)}`,
+        );
+      }
+      activeProviderMode = "direct";
+      fallbackWarning =
+        fallbackWarning ||
+        `Context7 broker request failed; fell back to direct auth: ${brokerError instanceof Error ? brokerError.message : String(brokerError)}`;
+      try {
+        return await fallbackRequester[method](params);
+      } catch (fallbackError) {
+        throw new Error(
+          `Context7 broker request failed and direct fallback also failed: ${brokerError instanceof Error ? brokerError.message : String(brokerError)}; ${fallbackError instanceof Error ? fallbackError.message : String(fallbackError)}`,
+        );
+      }
+    }
+  };
+
+  return {
+    requester: {
+      search(params) {
+        return runWithFallback("search", params);
+      },
+      context(params) {
+        return runWithFallback("context", params);
+      },
+    },
+    providerMode: "broker",
+    getProviderMode() {
+      return activeProviderMode;
+    },
+    getWarning() {
+      return fallbackWarning;
+    },
+  };
+}
+
+function resolveContext7Requester({
+  lanePaths,
+  fetchImpl,
+  apiKey,
+  apiKeyEnvVar = DEFAULT_CONTEXT7_API_KEY_ENV_VAR,
+}) {
+  const provider = lanePaths?.externalProviders?.context7 || {};
+  const mode = String(provider.mode || "direct").trim().toLowerCase();
+  const directApiKey = apiKey || process.env[provider.apiKeyEnvVar || apiKeyEnvVar] || "";
+  const direct = () => {
+    if (!directApiKey) {
+      throw new Error(`${provider.apiKeyEnvVar || apiKeyEnvVar} is not set; skipping Context7 prefetch.`);
+    }
+    return {
+      requester: buildDirectContext7Requester(fetchImpl, directApiKey),
+      providerMode: "direct",
+    };
+  };
+  const broker = () => ({
+    requester: buildBrokerContext7Requester(fetchImpl, lanePaths),
+    providerMode: "broker",
+  });
+  if (mode === "broker") {
+    return broker();
+  }
+  if (mode === "hybrid") {
+    try {
+      return buildHybridContext7Requester({
+        lanePaths,
+        fetchImpl,
+        directApiKey,
+        directApiKeyEnvVar: provider.apiKeyEnvVar || apiKeyEnvVar,
+      });
+    } catch {
+      return direct();
+    }
+  }
+  return direct();
+}
+
+async function resolveLibraryId(requester, library, selection) {
   if (library.libraryId) {
     return {
       libraryId: library.libraryId,
@@ -322,9 +511,7 @@ async function resolveLibraryId(fetchImpl, library, selection, apiKey) {
     libraryName: library.libraryName,
     query: selection.query || library.queryHint || library.libraryName,
   });
-  const results = await requestContext7(fetchImpl, `${CONTEXT7_SEARCH_URL}?${params.toString()}`, {
-    apiKey,
-  });
+  const results = await requester.search(params);
   if (!Array.isArray(results) || results.length === 0) {
     throw new Error(`Context7 search returned no matches for "${library.libraryName}".`);
   }
@@ -334,8 +521,8 @@ async function resolveLibraryId(fetchImpl, library, selection, apiKey) {
   };
 }
 
-async function fetchLibraryContext(fetchImpl, library, selection, apiKey) {
-  const resolvedLibrary = await resolveLibraryId(fetchImpl, library, selection, apiKey);
+async function fetchLibraryContext(requester, library, selection) {
+  const resolvedLibrary = await resolveLibraryId(requester, library, selection);
   const query = compactSingleLine(
     [selection.query, library.queryHint].filter(Boolean).join(". Focus: "),
     320,
@@ -345,10 +532,7 @@ async function fetchLibraryContext(fetchImpl, library, selection, apiKey) {
     query,
     type: "txt",
   });
-  const text = await requestContext7(fetchImpl, `${CONTEXT7_CONTEXT_URL}?${params.toString()}`, {
-    apiKey,
-    expectText: true,
-  });
+  const text = await requester.context(params);
   return {
     libraryId: resolvedLibrary.libraryId,
     libraryName: resolvedLibrary.libraryName,
@@ -360,6 +544,7 @@ async function fetchLibraryContext(fetchImpl, library, selection, apiKey) {
 export async function prefetchContext7ForSelection(
   selection,
   {
+    lanePaths = null,
     cacheDir,
     apiKey = process.env.CONTEXT7_API_KEY || "",
     fetchImpl = globalThis.fetch,
@@ -397,13 +582,18 @@ export async function prefetchContext7ForSelection(
     };
   }
   if (!apiKey) {
-    return {
-      mode: "missing-key",
-      selection,
-      promptText: "",
-      snippetHash: "",
-      warning: "CONTEXT7_API_KEY is not set; skipping Context7 prefetch.",
-    };
+    const providerMode = String(lanePaths?.externalProviders?.context7?.mode || "direct")
+      .trim()
+      .toLowerCase();
+    if (providerMode === "direct") {
+      return {
+        mode: "missing-key",
+        selection,
+        promptText: "",
+        snippetHash: "",
+        warning: "CONTEXT7_API_KEY is not set; skipping Context7 prefetch.",
+      };
+    }
   }
 
   ensureDirectory(cacheDir);
@@ -427,9 +617,15 @@ export async function prefetchContext7ForSelection(
   }
 
   try {
+    const requesterState = resolveContext7Requester({
+      lanePaths,
+      fetchImpl,
+      apiKey,
+    });
+    const { requester } = requesterState;
     const results = [];
     for (const library of selection.libraries) {
-      const result = await fetchLibraryContext(fetchImpl, library, selection, apiKey);
+      const result = await fetchLibraryContext(requester, library, selection);
       if (result.text) {
         results.push(result);
       }
@@ -450,12 +646,18 @@ export async function prefetchContext7ForSelection(
       promptText,
       snippetHash,
     });
+    const providerMode =
+      typeof requesterState.getProviderMode === "function"
+        ? requesterState.getProviderMode()
+        : requesterState.providerMode;
+    const warning =
+      typeof requesterState.getWarning === "function" ? requesterState.getWarning() : "";
     return {
-      mode: "fetched",
+      mode: providerMode === "broker" ? "fetched-broker" : "fetched",
       selection,
       promptText,
       snippetHash,
-      warning: "",
+      warning,
     };
   } catch (error) {
     return {

package/scripts/wave-orchestrator/coordination.mjs

@@ -197,6 +197,8 @@ export function buildExecutionPrompt({
   inboxPath = null,
   inboxText = "",
   context7 = null,
+  corridorContextPath = null,
+  corridorContextText = "",
   componentPromotions = null,
   evalTargets = null,
   benchmarkCatalogPath = null,
@@ -215,6 +217,9 @@ export function buildExecutionPrompt({
     ? path.relative(REPO_ROOT, sharedSummaryPath)
     : null;
   const relativeInboxPath = inboxPath ? path.relative(REPO_ROOT, inboxPath) : null;
+  const relativeCorridorContextPath = corridorContextPath
+    ? path.relative(REPO_ROOT, corridorContextPath)
+    : null;
   const relativeSignalStatePath = signalStatePath
     ? path.relative(REPO_ROOT, signalStatePath)
     : null;
@@ -537,6 +542,12 @@ export function buildExecutionPrompt({
           `Agent inbox repo-relative path: ${relativeInboxPath}`,
         ]
       : []),
+    ...(corridorContextPath
+      ? [
+          `Corridor context absolute path: ${corridorContextPath}`,
+          `Corridor context repo-relative path: ${relativeCorridorContextPath}`,
+        ]
+      : []),
     ...(signalStatePath
       ? [
           `Signal state absolute path: ${signalStatePath}`,
@@ -552,6 +563,9 @@ export function buildExecutionPrompt({
     ...(inboxText
       ? ["Current agent inbox:", "```markdown", inboxText, "```", ""]
       : []),
+    ...(corridorContextText
+      ? ["Current Corridor context:", "```text", corridorContextText, "```", ""]
+      : []),
     ...(signalStatePath
       ? [
           "Long-running signal loop:",