@delegance/claude-autopilot 5.2.2 → 6.2.2

package/dist/src/adapters/deploy/vercel.js

@@ -0,0 +1,426 @@
+// src/adapters/deploy/vercel.ts
+//
+// First-class Vercel deploy adapter. Phase 1 of the v5.4 spec.
+//
+// Implements `deploy()` (POST + poll until terminal) and `status()` (one-shot
+// GET). Log streaming is Phase 2; rollback is Phase 3.
+//
+// All HTTP calls go through an injectable `fetchImpl` so unit tests never hit
+// the real Vercel API.
+//
+// Spec: docs/specs/v5.4-vercel-adapter.md
+import { GuardrailError } from "../../core/errors.js";
+import { redactLogLines } from "../../core/logging/redaction.js";
+import { fetchWithRetry, safeReadBody } from "./_http.js";
+const VERCEL_API_BASE = 'https://api.vercel.com';
+/**
+ * Vercel deploy adapter.
+ *
+ * Construct once per pipeline run. The adapter is stateless across calls — all
+ * configuration (token, project, team) is captured at construction time.
+ */
+export class VercelDeployAdapter {
+    name = 'vercel';
+    token;
+    project;
+    team;
+    target;
+    pollIntervalMs;
+    maxPollMs;
+    fetchImpl;
+    sleep;
+    now;
+    redactionPatterns;
+    constructor(opts) {
+        const token = opts.token ?? process.env.VERCEL_TOKEN;
+        if (!token) {
+            throw new GuardrailError('Vercel deploy adapter requires VERCEL_TOKEN. Create one at https://vercel.com/account/tokens', { code: 'auth', provider: 'vercel' });
+        }
+        if (!opts.project) {
+            throw new GuardrailError('Vercel deploy adapter requires `project` (project ID or slug)', { code: 'invalid_config', provider: 'vercel' });
+        }
+        this.token = token;
+        this.project = opts.project;
+        this.team = opts.team;
+        this.target = opts.target ?? 'production';
+        this.pollIntervalMs = opts.pollIntervalMs ?? 2000;
+        this.maxPollMs = opts.maxPollMs ?? 15 * 60 * 1000;
+        this.fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+        this.sleep = opts.sleepImpl ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+        this.now = opts.nowImpl ?? Date.now;
+        this.redactionPatterns = opts.redactionPatterns;
+    }
+    async deploy(input) {
+        const start = this.now();
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v13/deployments`);
+        const body = {
+            name: this.project,
+            target: this.target,
+            meta: input.meta,
+        };
+        // Only include gitSource when we have a commitSha — Vercel requires the
+        // full {type, repoId, ref} contract for git deploys, which we can't
+        // synthesize from a SHA alone in Phase 1. Callers using `commitSha` should
+        // also have `VERCEL_PROJECT_ID` linked via `vc link` so Vercel resolves
+        // the repo from the linked project.
+        if (input.commitSha) {
+            body.gitSource = { type: 'github', sha: input.commitSha, ref: input.ref };
+        }
+        else if (input.ref) {
+            body.gitSource = { type: 'github', ref: input.ref };
+        }
+        const res = await fetchWithRetry(this.fetchImpl, url, {
+            method: 'POST',
+            headers: this.headers(),
+            body: JSON.stringify(body),
+            signal: input.signal,
+        }, { sleepImpl: this.sleep, provider: 'vercel' });
+        await this.assertOkOrThrow(res, 'create deployment');
+        const created = (await res.json());
+        if (!created.id) {
+            throw new GuardrailError(`Vercel returned no deployment id (got: ${JSON.stringify(created).slice(0, 200)})`, { code: 'adapter_bug', provider: 'vercel' });
+        }
+        // Phase 2: fire onDeployStart so callers (e.g. --watch) can subscribe
+        // to logs in parallel with polling. Wrap in try/catch — a buggy callback
+        // must not crash the deploy.
+        try {
+            input.onDeployStart?.(created.id);
+        }
+        catch {
+            /* swallow — observability concern only */
+        }
+        return this.pollUntilTerminal(created.id, start, input.signal);
+    }
+    async status(input) {
+        const start = this.now();
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v13/deployments/${encodeURIComponent(input.deployId)}`);
+        const res = await fetchWithRetry(this.fetchImpl, url, {
+            method: 'GET',
+            headers: this.headers(),
+            signal: input.signal,
+        }, { sleepImpl: this.sleep, provider: 'vercel' });
+        await this.assertOkOrThrow(res, 'get deployment');
+        const data = (await res.json());
+        const state = data.readyState ?? data.state;
+        const result = this.shapeResult(input.deployId, data, state, this.now() - start);
+        return { ...result, deployId: input.deployId };
+    }
+    /**
+     * Phase 2 — subscribe to real-time build logs for a deployment.
+     *
+     * Streams `GET /v2/deployments/<id>/events?builds=1&follow=1` and yields a
+     * `DeployLogLine` for each `stdout` / `stderr` event. Lifecycle events
+     * (`state`, `complete`) are filtered out — the polling loop in `deploy()`
+     * already handles them. Malformed JSON lines are skipped silently rather
+     * than crashing a long-running stream.
+     *
+     * Cancellation: pass `input.signal`. Once aborted, the underlying fetch
+     * is torn down and the iterator returns.
+     */
+    async *streamLogs(input) {
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v2/deployments/${encodeURIComponent(input.deployId)}/events?builds=1&follow=1`);
+        const res = await this.fetchEventsWithRetry(url, input.signal);
+        await this.assertOkOrThrow(res, 'stream logs');
+        if (!res.body) {
+            throw new GuardrailError(`Vercel events response had no body for ${input.deployId}`, { code: 'adapter_bug', provider: 'vercel' });
+        }
+        const reader = res.body.getReader();
+        const decoder = new TextDecoder('utf-8');
+        let buf = '';
+        try {
+            while (true) {
+                if (input.signal?.aborted)
+                    return;
+                const { done, value } = await reader.read();
+                if (done) {
+                    // Flush a trailing partial line if present.
+                    if (buf.length > 0) {
+                        const line = parseEventLine(buf);
+                        if (line)
+                            yield this.redactLine(line);
+                    }
+                    return;
+                }
+                buf += decoder.decode(value, { stream: true });
+                let nl = buf.indexOf('\n');
+                while (nl !== -1) {
+                    const raw = buf.slice(0, nl);
+                    buf = buf.slice(nl + 1);
+                    const line = parseEventLine(raw);
+                    if (line)
+                        yield this.redactLine(line);
+                    nl = buf.indexOf('\n');
+                }
+            }
+        }
+        finally {
+            try {
+                reader.releaseLock();
+            }
+            catch { /* ignore */ }
+        }
+    }
+    /**
+     * Phase 3 — promote a previously-built deployment to production.
+     *
+     * Two modes:
+     * - `input.to` set → promote that deploy ID directly. Cheapest path.
+     * - `input.to` omitted → look up the previous prod deploy via
+     *   `listDeployments(5)` and promote it. Throws `no_previous_deploy`
+     *   when there's nothing to roll back to (project with one deploy,
+     *   or every prior deploy is in ERROR/CANCELED state).
+     *
+     * Always-query is intentional: we never cache deploy IDs locally, so a
+     * promote performed from the Vercel dashboard between our deploy and
+     * our rollback is still observable.
+     */
+    async rollback(input) {
+        const start = this.now();
+        let targetId = input.to;
+        if (!targetId) {
+            const prev = await this.findPreviousProdDeployment(input.signal);
+            if (!prev) {
+                throw new GuardrailError(`No previous production deployment found for project "${this.project}" to roll back to`, { code: 'no_previous_deploy', provider: 'vercel' });
+            }
+            targetId = prev.id;
+        }
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v13/deployments/${encodeURIComponent(targetId)}/promote`);
+        const res = await fetchWithRetry(this.fetchImpl, url, {
+            method: 'POST',
+            headers: this.headers(),
+            body: '{}',
+            signal: input.signal,
+        }, { sleepImpl: this.sleep, provider: 'vercel' });
+        await this.assertOkOrThrow(res, 'promote deployment');
+        // Promote responses are typically empty (204) or echo the deployment.
+        // Be defensive — parse if there's a body, otherwise carry on with the
+        // ID alone.
+        let data;
+        try {
+            data = (await res.json());
+        }
+        catch {
+            data = undefined;
+        }
+        return {
+            status: 'pass',
+            deployId: targetId,
+            rolledBackTo: targetId,
+            deployUrl: data?.url ? `https://${data.url}` : undefined,
+            buildLogsUrl: this.buildLogsUrl(targetId),
+            durationMs: this.now() - start,
+            output: redactLogLines(`Vercel deployment ${targetId} promoted to production`, this.redactionPatterns),
+        };
+    }
+    /**
+     * Phase 3 — list recent production deployments for the configured
+     * project. Used by the `deploy status` CLI subcommand and by the
+     * `findPreviousProdDeployment()` helper backing `rollback()`.
+     *
+     * The list endpoint is `/v6/deployments` (v13 is for individual
+     * deployments). `target=production` filters out preview builds; `limit`
+     * caps the result set — Vercel returns newest-first so a small limit
+     * is sufficient for both rollback target detection and the CLI status
+     * display (defaults to 5).
+     */
+    async listDeployments(limit = 5, signal) {
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v6/deployments` +
+            `?projectId=${encodeURIComponent(this.project)}` +
+            `&limit=${encodeURIComponent(String(limit))}` +
+            `&target=production`);
+        const res = await fetchWithRetry(this.fetchImpl, url, {
+            method: 'GET',
+            headers: this.headers(),
+            signal,
+        }, { sleepImpl: this.sleep, provider: 'vercel' });
+        await this.assertOkOrThrow(res, 'list deployments');
+        const data = (await res.json());
+        return Array.isArray(data.deployments) ? data.deployments : [];
+    }
+    // ─────────────────────────────────────────────────────────────────────────────
+    // private helpers
+    // ─────────────────────────────────────────────────────────────────────────────
+    /**
+     * Apply the adapter's redaction patterns to a streamed log line's `text`.
+     * Mirrors the Fly/Render redactLine helpers introduced in v5.6 so secrets
+     * never escape the adapter via streamed log entries.
+     */
+    redactLine(line) {
+        return { ...line, text: redactLogLines(line.text, this.redactionPatterns) };
+    }
+    /**
+     * Returns the deployment immediately preceding the current production
+     * deployment, or `null` if no rollback target exists.
+     *
+     * "Preceding" means: among deployments with `state === 'READY'` (so we
+     * never roll back to a known-broken build), sorted newest-first by
+     * `createdAt`, the second entry. The first entry is the current prod
+     * deploy and we drop it.
+     */
+    async findPreviousProdDeployment(signal) {
+        const items = await this.listDeployments(5, signal);
+        const ready = items.filter((d) => d.state === 'READY');
+        ready.sort((a, b) => (b.createdAt ?? 0) - (a.createdAt ?? 0));
+        if (ready.length < 2)
+            return null;
+        return ready[1] ?? null;
+    }
+    async pollUntilTerminal(deployId, start, signal) {
+        const url = this.urlWithTeam(`${VERCEL_API_BASE}/v13/deployments/${encodeURIComponent(deployId)}`);
+        while (true) {
+            if (signal?.aborted) {
+                return { status: 'in-progress', deployId, durationMs: this.now() - start };
+            }
+            if (this.now() - start > this.maxPollMs) {
+                return {
+                    status: 'in-progress',
+                    deployId,
+                    durationMs: this.now() - start,
+                    buildLogsUrl: this.buildLogsUrl(deployId),
+                    output: redactLogLines(`Deployment still in progress after ${this.maxPollMs}ms — check ${this.buildLogsUrl(deployId)}`, this.redactionPatterns),
+                };
+            }
+            const res = await fetchWithRetry(this.fetchImpl, url, {
+                method: 'GET',
+                headers: this.headers(),
+                signal,
+            }, { sleepImpl: this.sleep, provider: 'vercel' });
+            await this.assertOkOrThrow(res, 'poll deployment');
+            const data = (await res.json());
+            const state = data.readyState ?? data.state;
+            if (state === 'READY' || state === 'ERROR' || state === 'CANCELED') {
+                return this.shapeResult(deployId, data, state, this.now() - start);
+            }
+            await this.sleep(this.pollIntervalMs);
+        }
+    }
+    shapeResult(deployId, data, state, durationMs) {
+        const status = state === 'READY' ? 'pass' : state === 'ERROR' || state === 'CANCELED' ? 'fail' : 'in-progress';
+        return {
+            status,
+            deployId,
+            deployUrl: data.url ? `https://${data.url}` : undefined,
+            buildLogsUrl: this.buildLogsUrl(deployId),
+            durationMs,
+            output: state
+                ? redactLogLines(`Vercel deployment ${deployId}: state=${state}`, this.redactionPatterns)
+                : undefined,
+        };
+    }
+    headers() {
+        return {
+            Authorization: `Bearer ${this.token}`,
+            'Content-Type': 'application/json',
+        };
+    }
+    urlWithTeam(base) {
+        if (!this.team)
+            return base;
+        const sep = base.includes('?') ? '&' : '?';
+        return `${base}${sep}teamId=${encodeURIComponent(this.team)}`;
+    }
+    buildLogsUrl(deployId) {
+        const teamSlug = this.team ?? 'me';
+        return `https://vercel.com/${encodeURIComponent(teamSlug)}/${encodeURIComponent(this.project)}/${encodeURIComponent(deployId)}`;
+    }
+    async assertOkOrThrow(res, step) {
+        if (res.ok)
+            return;
+        const bodyText = await safeReadBody(res);
+        if (res.status === 401 || res.status === 403) {
+            throw new GuardrailError(`Vercel auth failed (${res.status}) on ${step} — check VERCEL_TOKEN scope for project "${this.project}"${this.team ? ` (team ${this.team})` : ''}: ${bodyText}`, { code: 'auth', provider: 'vercel', step, details: { status: res.status } });
+        }
+        if (res.status === 404) {
+            throw new GuardrailError(`Vercel project "${this.project}" not found (${res.status}) on ${step}: ${bodyText}`, { code: 'invalid_config', provider: 'vercel', step, details: { status: res.status } });
+        }
+        throw new GuardrailError(`Vercel API error (${res.status}) on ${step}: ${bodyText}`, { code: 'adapter_bug', provider: 'vercel', step, details: { status: res.status } });
+    }
+    /**
+     * Like `fetchWithRetry` but tuned for the events endpoint:
+     * - 404 right after a deploy POST is a known race (the deploy hasn't yet
+     *   propagated to the events service). Retry up to N times with backoff.
+     * - 5xx behaves the same as `fetchWithRetry`.
+     * - Cancels cleanly on AbortError.
+     * - Returns the last `Response` so the caller can `assertOkOrThrow` on a
+     *   final non-OK status (e.g. 401 still bubbles immediately on attempt 1).
+     */
+    async fetchEventsWithRetry(url, signal, attempts = 3, baseMs = 500) {
+        let lastRes;
+        for (let i = 0; i < attempts; i++) {
+            let res;
+            try {
+                res = await this.fetchImpl(url, {
+                    method: 'GET',
+                    headers: { ...this.headers(), Accept: 'text/event-stream' },
+                    signal,
+                });
+            }
+            catch (err) {
+                if (err instanceof Error && err.name === 'AbortError')
+                    throw err;
+                if (i < attempts - 1) {
+                    await this.sleep(baseMs * 2 ** i);
+                    continue;
+                }
+                throw new GuardrailError(`Vercel events endpoint unreachable after ${attempts} attempts: ${err?.message ?? String(err)}`, { code: 'transient_network', provider: 'vercel' });
+            }
+            lastRes = res;
+            // 404 after create-deployment is the known race — retry.
+            if (res.status === 404 && i < attempts - 1) {
+                await this.sleep(baseMs * 2 ** i);
+                continue;
+            }
+            // 5xx is transient — retry.
+            if (res.status >= 500 && res.status < 600 && i < attempts - 1) {
+                await this.sleep(baseMs * 2 ** i);
+                continue;
+            }
+            return res;
+        }
+        return lastRes;
+    }
+}
+/**
+ * Parse a single line from Vercel's events endpoint into a `DeployLogLine`.
+ *
+ * Accepts both raw NDJSON and classic SSE `data: {...}` lines. Returns
+ * `null` for events we don't surface (state changes, completes, heartbeats,
+ * and any line that fails to JSON-parse) — silently skipping a malformed
+ * event is preferable to crashing a long-running stream.
+ */
+function parseEventLine(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed)
+        return null;
+    // SSE comment / heartbeat lines start with ':'
+    if (trimmed.startsWith(':'))
+        return null;
+    // SSE event/id/retry lines — not data, skip
+    if (trimmed.startsWith('event:') || trimmed.startsWith('id:') || trimmed.startsWith('retry:'))
+        return null;
+    // Strip 'data: ' prefix if present (classic SSE)
+    const jsonPart = trimmed.startsWith('data:') ? trimmed.slice(5).trim() : trimmed;
+    if (!jsonPart)
+        return null;
+    let parsed;
+    try {
+        parsed = JSON.parse(jsonPart);
+    }
+    catch {
+        return null;
+    }
+    if (typeof parsed !== 'object' || parsed === null)
+        return null;
+    const ev = parsed;
+    // Only surface log-bearing event types. Vercel emits 'stdout'/'stderr' for
+    // build output; 'state'/'complete'/etc. are deploy lifecycle events that
+    // the polling loop already handles.
+    if (ev.type !== 'stdout' && ev.type !== 'stderr')
+        return null;
+    const text = typeof ev.payload?.text === 'string' ? ev.payload.text : '';
+    if (!text)
+        return null;
+    const ts = typeof ev.created === 'number' ? ev.created : typeof ev.date === 'number' ? ev.date : Date.now();
+    return { timestamp: ts, level: ev.type, text };
+}
+//# sourceMappingURL=vercel.js.map

package/dist/src/adapters/pricing.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Canonical per-model pricing for cost-ledger / cost-estimate / cost-cap features.
+ *
+ * Computed client-side because the OpenAI Responses API and most provider APIs
+ * return token counts but no $-cost field. Without these constants every codex
+ * run logged costUSD=0 even though tokens were tracked correctly.
+ *
+ * Units: USD per 1,000,000 tokens.
+ *
+ * `cachedInputPer1M` is the price for cached-input tokens (OpenAI's prompt-cache
+ * read tier — typically ~1/8 of `inputPer1M`). Set to `null` when the provider
+ * doesn't surface a cached tier or we don't have a confirmed published number.
+ *
+ * Adding a model here does NOT auto-wire it into any adapter — the per-adapter
+ * COST_PER_M_INPUT/OUTPUT constants in src/adapters/{council,review-engine}/*.ts
+ * remain the actual source of truth for runtime cost computation, and stay
+ * env-overridable. This table is the documentation/single-source-of-truth for
+ * "what should the defaults be" + drives the cost-ledger config defaults.
+ *
+ * Keep entries sorted: oldest → newest within each provider, providers
+ * alphabetical.
+ */
+export interface ModelPricing {
+    inputPer1M: number;
+    outputPer1M: number;
+    cachedInputPer1M: number | null;
+}
+export declare const MODEL_PRICING: Record<string, ModelPricing>;
+/**
+ * Look up canonical pricing for a model. Returns `undefined` for unknown
+ * models — callers should fall back to env-var defaults rather than throwing,
+ * because this table is intentionally non-exhaustive (adapters work with any
+ * model the underlying SDK accepts).
+ */
+export declare function getModelPricing(model: string): ModelPricing | undefined;
+//# sourceMappingURL=pricing.d.ts.map

package/dist/src/adapters/pricing.js

@@ -0,0 +1,40 @@
+export const MODEL_PRICING = {
+    // OpenAI ----------------------------------------------------------------
+    // gpt-5.3-codex: legacy default (pre-2026-04-23). Kept for back-compat —
+    // users may have pinned via CODEX_MODEL env var.
+    'gpt-5.3-codex': {
+        inputPer1M: 1.25,
+        outputPer1M: 10.0,
+        cachedInputPer1M: null,
+    },
+    // gpt-5.4: superseded by gpt-5.5 on 2026-04-23. Kept for back-compat.
+    'gpt-5.4': {
+        inputPer1M: 2.5,
+        outputPer1M: 15.0,
+        cachedInputPer1M: null,
+    },
+    // gpt-5.5 (codename Spud, released 2026-04-23): current default for codex
+    // adapter + council openai adapter. Better at coding than 5.4 with fewer
+    // tokens, but ~2× more expensive per token. Available via standard
+    // Responses/Chat Completions API at `gpt-5.5` (no `-codex` suffix).
+    // Bugbot MEDIUM PR #93: `cachedInputPer1M` is `null` (NOT 0) until we have
+    // a confirmed published number. The interface contract treats `0` as
+    // "cached tokens are free" — using it would make consumers silently
+    // compute $0 for cached usage. Heuristic is ~1/8 of input (~$0.625/1M)
+    // per OpenAI's prompt-cache pattern, but no definitive source yet.
+    'gpt-5.5': {
+        inputPer1M: 5.0,
+        outputPer1M: 30.0,
+        cachedInputPer1M: null,
+    },
+};
+/**
+ * Look up canonical pricing for a model. Returns `undefined` for unknown
+ * models — callers should fall back to env-var defaults rather than throwing,
+ * because this table is intentionally non-exhaustive (adapters work with any
+ * model the underlying SDK accepts).
+ */
+export function getModelPricing(model) {
+    return MODEL_PRICING[model];
+}
+//# sourceMappingURL=pricing.js.map

package/dist/src/adapters/review-engine/claude.js

@@ -1,7 +1,7 @@
-import Anthropic from '@anthropic-ai/sdk';
 import { GuardrailError } from "../../core/errors.js";
 import { parseReviewOutput } from "./parse-output.js";
 import { buildSystemPrompt, classifyError } from "./prompt-builder.js";
+import { loadAnthropic } from "../sdk-loader.js";
 const DEFAULT_MODEL = 'claude-opus-4-7';
 const MAX_OUTPUT_TOKENS = 4096;
 // Cost per million tokens (USD) — opus-4-7 pricing
@@ -47,6 +47,7 @@ export const claudeAdapter = {
         }
         const model = input.context?.['model'] ?? DEFAULT_MODEL;
         const systemPrompt = buildSystemPrompt(input, SYSTEM_PROMPT_TEMPLATE);
+        const Anthropic = await loadAnthropic();
         const client = new Anthropic({ apiKey });
         let response;
         try {

package/dist/src/adapters/review-engine/codex.js

@@ -1,15 +1,18 @@
-import OpenAI from 'openai';
 import { parseReviewOutput } from "./parse-output.js";
 import { GuardrailError } from "../../core/errors.js";
 import { buildSystemPrompt, classifyError } from "./prompt-builder.js";
-const DEFAULT_MODEL = process.env.CODEX_MODEL ?? 'gpt-5.3-codex';
+import { loadOpenAI } from "../sdk-loader.js";
+import { getModelPricing } from "../pricing.js";
+const DEFAULT_MODEL = process.env.CODEX_MODEL ?? 'gpt-5.5';
 const MAX_OUTPUT_TOKENS = 4096;
-// Per-million-token rates for gpt-5.3-codex (override via env for other models).
-// Computed client-side because the OpenAI Responses API returns token counts
-// but no $-cost field. Without this, every codex run logged costUSD=0 even
-// though tokens were tracked correctly.
-const COST_PER_M_INPUT = Number(process.env.CODEX_COST_INPUT_PER_M ?? 1.25);
-const COST_PER_M_OUTPUT = Number(process.env.CODEX_COST_OUTPUT_PER_M ?? 10.0);
+// Per-million-token rates. Bugbot LOW PR #93: wired to read from the
+// canonical MODEL_PRICING table so the table is no longer dead code.
+// Resolution order: env override → MODEL_PRICING entry for DEFAULT_MODEL →
+// numeric fallback (gpt-5.5 published rates). Costs are computed client-side
+// because the OpenAI Responses API returns token counts but no $-cost field.
+const _pricing = getModelPricing(DEFAULT_MODEL);
+const COST_PER_M_INPUT = Number(process.env.CODEX_COST_INPUT_PER_M ?? _pricing?.inputPer1M ?? 5.0);
+const COST_PER_M_OUTPUT = Number(process.env.CODEX_COST_OUTPUT_PER_M ?? _pricing?.outputPer1M ?? 30.0);
 const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect providing feedback on designs, proposals, and ideas.
 
 The codebase context:
@@ -48,6 +51,7 @@ export const codexAdapter = {
             throw new GuardrailError('OPENAI_API_KEY not set', { code: 'auth', provider: 'codex' });
         }
         const systemPrompt = buildSystemPrompt(input, SYSTEM_PROMPT_TEMPLATE);
+        const OpenAI = await loadOpenAI();
         const client = new OpenAI({ apiKey });
         let response;
         try {

package/dist/src/adapters/review-engine/gemini.js

@@ -1,7 +1,7 @@
-import { GoogleGenerativeAI } from '@google/generative-ai';
 import { parseReviewOutput } from "./parse-output.js";
 import { GuardrailError } from "../../core/errors.js";
 import { buildSystemPrompt, classifyError } from "./prompt-builder.js";
+import { loadGoogleGenerativeAI } from "../sdk-loader.js";
 const DEFAULT_MODEL = 'gemini-2.5-pro-preview-05-06';
 const MAX_OUTPUT_TOKENS = 4096;
 // Cost per million tokens (USD) — gemini-2.5-pro pricing (<200k context)
@@ -55,6 +55,7 @@ export const geminiAdapter = {
         }
         const model = input.context?.['model'] ?? DEFAULT_MODEL;
         const prompt = buildSystemPrompt(input, PROMPT_TEMPLATE).replace('{CONTENT}', input.content);
+        const GoogleGenerativeAI = await loadGoogleGenerativeAI();
         const genAI = new GoogleGenerativeAI(apiKey);
         const genModel = genAI.getGenerativeModel({
             model,

package/dist/src/adapters/review-engine/openai-compatible.js

@@ -1,7 +1,7 @@
-import OpenAI from 'openai';
 import { parseReviewOutput } from "./parse-output.js";
 import { GuardrailError } from "../../core/errors.js";
 import { buildSystemPrompt, classifyError } from "./prompt-builder.js";
+import { loadOpenAI } from "../sdk-loader.js";
 const MAX_OUTPUT_TOKENS = 4096;
 const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect reviewing code changes for quality, security, and correctness.
 
@@ -49,6 +49,7 @@ export const openaiCompatibleAdapter = {
             throw new GuardrailError('openai-compatible adapter requires options.model to be set in guardrail.config.yaml', { code: 'invalid_config', provider: 'openai-compatible' });
         }
         const systemPrompt = buildSystemPrompt(input, SYSTEM_PROMPT_TEMPLATE);
+        const OpenAI = await loadOpenAI();
         const client = new OpenAI({ apiKey, ...(baseURL ? { baseURL } : {}) });
         let response;
         try {

package/dist/src/adapters/sdk-loader.d.ts

@@ -0,0 +1,15 @@
+import type AnthropicNS from '@anthropic-ai/sdk';
+import type OpenAINS from 'openai';
+import type { GoogleGenerativeAI as GoogleGenAINS } from '@google/generative-ai';
+type AnthropicCtor = typeof AnthropicNS;
+type OpenAICtor = typeof OpenAINS;
+type GoogleGenerativeAICtor = typeof GoogleGenAINS;
+export declare function loadAnthropic(): Promise<AnthropicCtor>;
+export declare function loadOpenAI(): Promise<OpenAICtor>;
+export declare function loadGoogleGenerativeAI(): Promise<GoogleGenerativeAICtor>;
+/**
+ * Quick non-throwing check — used by `doctor` to report install state.
+ */
+export declare function isSdkInstalled(pkg: string): Promise<boolean>;
+export {};
+//# sourceMappingURL=sdk-loader.d.ts.map