@gajae-code/coding-agent 0.5.1 → 0.5.2

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@gajae-code/coding-agent",
-	"version": "0.5.1",
+	"version": "0.5.2",
 	"description": "Gajae Code CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://gaebal-gajae.dev",
 	"author": "Yeachan-Heo",
@@ -51,12 +51,12 @@
 		"@agentclientprotocol/sdk": "0.21.0",
 		"@babel/parser": "^7.29.3",
 		"@mozilla/readability": "^0.6.0",
-		"@gajae-code/stats": "0.5.1",
-		"@gajae-code/agent-core": "0.5.1",
-		"@gajae-code/ai": "0.5.1",
-		"@gajae-code/natives": "0.5.1",
-		"@gajae-code/tui": "0.5.1",
-		"@gajae-code/utils": "0.5.1",
+		"@gajae-code/stats": "0.5.2",
+		"@gajae-code/agent-core": "0.5.2",
+		"@gajae-code/ai": "0.5.2",
+		"@gajae-code/natives": "0.5.2",
+		"@gajae-code/tui": "0.5.2",
+		"@gajae-code/utils": "0.5.2",
 		"@puppeteer/browsers": "^2.13.0",
 		"@types/turndown": "5.0.6",
 		"@xterm/headless": "^6.0.0",

package/scripts/build-binary.ts

@@ -5,6 +5,12 @@ import * as path from "node:path";
 const packageDir = path.join(import.meta.dir, "..");
 const outputPath = path.join(packageDir, "dist", "gjc");
 const nativeDir = path.join(packageDir, "..", "natives", "native");
+// Lazy native tokenizer entrypoint. `agent-core/compaction` loads this from
+// the explicit native entrypoint instead of a package-name dynamic require of
+// `@gajae-code/natives`, because those fail inside Bun standalone `$bunfs`.
+// Listing the module here makes the absolute target path exist in the compiled
+// bunfs.
+const nativeTokenizerEntrypoint = "../natives/native/index.js";
 
 function shouldAdhocSignDarwinBinary(): boolean {
 	return process.platform === "darwin";
@@ -66,6 +72,7 @@ async function main(): Promise<void> {
 					"../stats/src/sync-worker.ts",
 					"./src/tools/browser/tab-worker-entry.ts",
 					"./src/eval/js/worker-entry.ts",
+					nativeTokenizerEntrypoint,
 					"--outfile",
 					"dist/gjc",
 				],

package/src/cli/args.ts

@@ -269,6 +269,8 @@ export function getExtraHelpText(): string {
   gjc session                  - List, inspect, create, remove, or attach tagged GJC-managed tmux sessions
   GJC_LAUNCH_POLICY           - Launch policy for --tmux startup: tmux or direct
   GJC_TMUX_SESSION            - Explicit tmux session name override for --tmux startup
+  GJC_TMUX_PROFILE            - Apply GJC tmux scroll/mouse/clipboard profile to --tmux sessions (set 0/off to skip)
+  GJC_MOUSE                   - Mouse-wheel scroll in --tmux sessions (set 0/off to let the host terminal scroll)
 
   For complete environment variable reference, see:
   ${chalk.dim("docs/environment-variables.md")}

package/src/cli/fast-help.ts

@@ -54,6 +54,8 @@ export function getExtraHelpText(): string {
   gjc session                  - List, inspect, create, remove, or attach tagged GJC-managed tmux sessions
   GJC_LAUNCH_POLICY           - Launch policy for --tmux startup: tmux or direct
   GJC_TMUX_SESSION            - Explicit tmux session name override for --tmux startup
+  GJC_TMUX_PROFILE            - Apply GJC tmux scroll/mouse/clipboard profile to --tmux sessions (set 0/off to skip)
+  GJC_MOUSE                   - Mouse-wheel scroll in --tmux sessions (set 0/off to let the host terminal scroll)
 
   For complete environment variable reference, see:
   docs/environment-variables.md

package/src/cli/setup-cli.ts

@@ -3,8 +3,11 @@
  *
  * Handles `gjc setup [component]` to install the normal defaults or optional feature dependencies.
  */
+
 import * as path from "node:path";
-import { $which, APP_NAME, getPythonEnvDir } from "@gajae-code/utils";
+import { createInterface } from "node:readline/promises";
+import { SqliteAuthCredentialStore } from "@gajae-code/ai";
+import { $which, APP_NAME, getAgentDbPath, getPythonEnvDir } from "@gajae-code/utils";
 import { $ } from "bun";
 import chalk from "chalk";
 import { installDefaultGjcDefinitions } from "../defaults/gjc-defaults";
@@ -14,6 +17,7 @@ import {
 	readGjcManagedCodexHooksStatus,
 } from "../hooks/codex-native-hooks-config";
 import { theme } from "../modes/theme/theme";
+import { discoverExternalCredentials, formatDiscoverySummary, importCredentials } from "../setup/credential-import";
 import {
 	formatHermesSetupResult,
 	type HermesSetupFlags,
@@ -27,7 +31,7 @@ import {
 	parseProviderCompatibility,
 } from "../setup/provider-onboarding";
 
-export type SetupComponent = "defaults" | "hermes" | "hooks" | "provider" | "python" | "stt";
+export type SetupComponent = "credentials" | "defaults" | "hermes" | "hooks" | "provider" | "python" | "stt";
 
 export interface SetupCommandArgs {
 	component: SetupComponent;
@@ -57,10 +61,12 @@ export interface SetupCommandArgs {
 		gjcCommand?: string;
 		target?: string;
 		profileDir?: string;
+		yes?: boolean;
+		dryRun?: boolean;
 	};
 }
 
-const VALID_COMPONENTS: SetupComponent[] = ["defaults", "hermes", "hooks", "provider", "python", "stt"];
+const VALID_COMPONENTS: SetupComponent[] = ["credentials", "defaults", "hermes", "hooks", "provider", "python", "stt"];
 
 function hasProviderSetupFlags(flags: SetupCommandArgs["flags"]): boolean {
 	return (
@@ -113,6 +119,10 @@ export function parseSetupArgs(args: string[]): SetupCommandArgs | undefined {
 			flags.smoke = true;
 		} else if (arg === "--install") {
 			flags.install = true;
+		} else if (arg === "--yes" || arg === "-y") {
+			flags.yes = true;
+		} else if (arg === "--dry-run") {
+			flags.dryRun = true;
 		} else if (arg === "--root") {
 			flags.root = [...(flags.root ?? []), args[++i] ?? ""];
 		} else if (arg === "--repo") {
@@ -243,6 +253,9 @@ export async function runSetupCommand(cmd: SetupCommandArgs): Promise<void> {
 		case "stt":
 			await handleSttSetup(cmd.flags);
 			break;
+		case "credentials":
+			await handleCredentialsSetup(cmd.flags);
+			break;
 	}
 }
 
@@ -472,6 +485,122 @@ async function handleSttSetup(flags: { json?: boolean; check?: boolean }): Promi
 		process.exit(1);
 	}
 }
+async function confirmImport(count: number): Promise<boolean> {
+	if (!process.stdin.isTTY) return false;
+	const rl = createInterface({ input: process.stdin, output: process.stdout });
+	try {
+		const answer = (await rl.question(`Import ${count} credential(s) into ${getAgentDbPath()}? [y/N] `))
+			.trim()
+			.toLowerCase();
+		return answer === "y" || answer === "yes";
+	} finally {
+		rl.close();
+	}
+}
+
+/**
+ * Discover existing Claude Code / Codex CLI credentials and import them into the
+ * gjc credential store after a redacted preview + confirmation. Falls back to
+ * manual-setup guidance when nothing importable is found.
+ */
+async function handleCredentialsSetup(flags: { json?: boolean; yes?: boolean; dryRun?: boolean }): Promise<void> {
+	const result = await discoverExternalCredentials();
+	const redactedPlan = {
+		importable: result.importable.map(c => ({
+			provider: c.provider,
+			kind: c.kind,
+			source: c.source,
+			identity: c.identity,
+			expiresAt: c.expiresAt,
+			redactedToken: c.redactedToken,
+		})),
+		skipped: result.skipped,
+		environment: result.environment,
+	};
+
+	if (result.importable.length === 0) {
+		if (flags.json) {
+			process.stdout.write(`${JSON.stringify({ ...redactedPlan, imported: [] })}\n`);
+			return;
+		}
+		for (const line of formatDiscoverySummary(result)) process.stdout.write(`  ${line}\n`);
+		process.stdout.write(
+			chalk.yellow(
+				`\nNo importable Claude/Codex credentials found. Continue with manual setup:\n` +
+					`  ${APP_NAME} setup provider   (add an API-compatible provider)\n` +
+					`  ${APP_NAME} (then /login)     (interactive OAuth/subscription login)\n`,
+			),
+		);
+		return;
+	}
+
+	if (!flags.json) {
+		process.stdout.write(chalk.bold("Discovered credentials (redacted):\n"));
+		for (const line of formatDiscoverySummary(result)) process.stdout.write(`  ${line}\n`);
+	}
+
+	if (flags.dryRun) {
+		if (flags.json) process.stdout.write(`${JSON.stringify({ ...redactedPlan, dryRun: true, imported: [] })}\n`);
+		else process.stdout.write(chalk.dim(`\nDry run — no credentials imported.\n`));
+		return;
+	}
+
+	const confirmed = flags.yes || (await confirmImport(result.importable.length));
+	if (!confirmed) {
+		if (flags.json) {
+			process.stdout.write(`${JSON.stringify({ ...redactedPlan, imported: [] })}\n`);
+			return;
+		}
+		process.stdout.write(chalk.dim(`\nImport cancelled. Re-run with --yes to import non-interactively.\n`));
+		return;
+	}
+
+	const store = await SqliteAuthCredentialStore.open(getAgentDbPath());
+	let summary: Awaited<ReturnType<typeof importCredentials>>;
+	try {
+		summary = await importCredentials(result.importable, (provider, credential) =>
+			store.upsertAuthCredentialForProvider(provider, credential),
+		);
+	} finally {
+		store.close();
+	}
+
+	if (flags.json) {
+		process.stdout.write(
+			`${JSON.stringify({
+				...redactedPlan,
+				imported: summary.imported.map(c => ({ provider: c.provider, kind: c.kind, source: c.source })),
+				failed: summary.failed.map(f => ({
+					provider: f.credential.provider,
+					source: f.credential.source,
+					error: f.error,
+				})),
+			})}\n`,
+		);
+		if (summary.failed.length > 0) process.exitCode = 1;
+		return;
+	}
+
+	for (const credential of summary.imported) {
+		process.stdout.write(
+			`${chalk.green(`${theme.status.success} imported`)} ${formatCredentialSummaryLine(credential)}\n`,
+		);
+	}
+	for (const failure of summary.failed) {
+		process.stdout.write(
+			`${chalk.red(`${theme.status.error} failed`)} ${failure.credential.provider} (${failure.credential.source}): ${failure.error}\n`,
+		);
+	}
+	if (summary.failed.length > 0) {
+		process.exitCode = 1;
+		return;
+	}
+	process.stdout.write(chalk.dim(`\nCredentials saved to ${getAgentDbPath()}\n`));
+}
+
+function formatCredentialSummaryLine(credential: { provider: string; kind: string; source: string }): string {
+	return `${credential.provider} · ${credential.kind} (from ${credential.source})`;
+}
 
 /**
  * Print setup command help.
@@ -489,6 +618,7 @@ ${chalk.bold("Components:")}
   provider  Optional: add a preset, OpenAI-compatible, or Anthropic-compatible API provider
   python    Optional: verify a Python 3 interpreter is reachable for code execution
   stt       Optional: install speech-to-text dependencies (openai-whisper, recording tools)
+  credentials Optional: import existing Claude Code / Codex CLI credentials
 
 
 ${chalk.bold("Provider example:")}
@@ -524,6 +654,8 @@ ${chalk.bold("Options:")}
   --mutation        Hermes MCP mutation classes: sessions,questions,reports,all
   --target          Hermes config file target for config-only install
   --profile-dir     Hermes profile directory for full setup install
+  --dry-run         Preview discovered credentials without importing (credentials)
+  -y, --yes         Import discovered credentials without an interactive prompt (credentials)
 
 ${chalk.bold("Examples:")}
   ${APP_NAME} setup                  Install bundled GJC default workflow skills
@@ -536,5 +668,8 @@ ${chalk.bold("Examples:")}
   ${APP_NAME} setup stt              Install speech-to-text dependencies
   ${APP_NAME} setup stt --check      Check if STT dependencies are available
   ${APP_NAME} setup python --check   Check if Python execution is available
+  ${APP_NAME} setup credentials      Discover & import existing Claude/Codex credentials
+  ${APP_NAME} setup credentials --dry-run  Preview importable credentials (redacted)
+  ${APP_NAME} setup credentials --yes      Import without an interactive prompt
 `);
 }

package/src/commands/setup.ts

@@ -5,7 +5,7 @@ import { Args, Command, Flags } from "@gajae-code/utils/cli";
 import { runSetupCommand, type SetupCommandArgs, type SetupComponent } from "../cli/setup-cli";
 import { initTheme } from "../modes/theme/theme";
 
-const COMPONENTS: SetupComponent[] = ["defaults", "hermes", "hooks", "provider", "python", "stt"];
+const COMPONENTS: SetupComponent[] = ["credentials", "defaults", "hermes", "hooks", "provider", "python", "stt"];
 
 export default class Setup extends Command {
 	static description = "Install GJC defaults or optional feature dependencies";
@@ -47,6 +47,8 @@ export default class Setup extends Command {
 		"api-key-env": Flags.string({ description: "Read provider API key from this environment variable" }),
 		model: Flags.string({ description: "Model id to add (repeat or comma-separate)", multiple: true }),
 		"models-path": Flags.string({ description: "Override models config path" }),
+		yes: Flags.boolean({ char: "y", description: "Import discovered credentials without an interactive prompt" }),
+		"dry-run": Flags.boolean({ description: "Preview discovered credentials without importing" }),
 	};
 
 	async run(): Promise<void> {
@@ -79,6 +81,8 @@ export default class Setup extends Command {
 				gjcCommand: flags["gjc-command"],
 				target: flags.target,
 				profileDir: flags["profile-dir"],
+				yes: flags.yes,
+				dryRun: flags["dry-run"],
 			},
 		};
 		await initTheme();

package/src/commands/ultragoal.ts

@@ -16,12 +16,14 @@ export default class Ultragoal extends Command {
 	static delegateHelp = true;
 
 	async run(): Promise<void> {
+		const isReviewStart = this.argv.includes("review") && this.argv.includes("review-start");
 		const shouldActivateGoalMode = isUltragoalCreateGoalsInvocation(this.argv);
 		const result = await runNativeUltragoalCommand(this.argv);
 		if (result.stdout) process.stdout.write(result.stdout);
 		if (result.stderr) process.stderr.write(result.stderr);
 		process.exitCode = result.status;
-		if (result.status !== 0 || !shouldActivateGoalMode) return;
+		if (result.status !== 0 || (!shouldActivateGoalMode && !isReviewStart)) return;
+		if (isReviewStart && !result.createdReviewPlan && (result.reviewBlockerGoalIds?.length ?? 0) === 0) return;
 
 		const cwd = process.cwd();
 		const { objective, goalsPath } = await readUltragoalGjcObjective(cwd);

package/src/config/file-lock-gc.ts

@@ -2,6 +2,7 @@
  * GC adapter for config file-locks (`<file>.lock` dirs holding `{pid, timestamp}`).
  */
 
+import type { Stats } from "node:fs";
 import * as fs from "node:fs/promises";
 import * as path from "node:path";
 import { getAgentDir, getConfigRootDir, isEnoent } from "@gajae-code/utils";
@@ -92,7 +93,7 @@ async function walkForLockDirs(
 		return;
 	}
 
-	let stat: Awaited<ReturnType<typeof fs.lstat>>;
+	let stat: Stats;
 	try {
 		stat = await fs.lstat(dir);
 	} catch (error) {
@@ -171,8 +172,19 @@ export const fileLocksGcAdapter: GcStoreAdapter = {
 			return { removed: false, skipped: "lock_no_longer_dead_or_missing" };
 		}
 
+		// Fail-closed owner-token guard (#606): we observed `info` (pid+timestamp)
+		// dead, but a fresh owner can reclaim a stale lock dir at this same path
+		// between the probe above and the unlink below. Pass the exact owner token
+		// so removal re-verifies the on-disk identity under the unlink and refuses
+		// to delete a recreated LIVE lock (TOCTOU).
 		try {
-			await removeFileLockDirForGc(lockDir);
+			const removal = await removeFileLockDirForGc(lockDir, info);
+			if (removal === "owner_changed") {
+				return { removed: false, skipped: "file_lock_owner_changed_before_delete" };
+			}
+			if (removal === "missing") {
+				return { removed: false, skipped: "lock_no_longer_dead_or_missing" };
+			}
 			return { removed: true };
 		} catch (error) {
 			return { removed: false, error: errorMessage(error) };

package/src/config/file-lock.ts

@@ -1,5 +1,5 @@
 import * as fs from "node:fs/promises";
-import { isEnoent } from "@gajae-code/utils";
+import { isEnoent } from "@gajae-code/utils/fs-error";
 
 export interface FileLockOptions {
 	staleMs?: number;
@@ -45,17 +45,57 @@ export async function readFileLockInfoForGc(lockDir: string): Promise<{ pid: num
 	return info;
 }
 
-/** @internal */
-export async function removeFileLockDirForGc(lockDir: string): Promise<void> {
+/** Owner identity stamped into a `<file>.lock/info` record. */
+export interface FileLockOwnerToken {
+	pid: number;
+	timestamp: number;
+}
+
+/** Outcome of a guarded GC removal attempt (`removeFileLockDirForGc`). */
+export type FileLockGcRemoval = "removed" | "owner_changed" | "missing";
+
+/**
+ * @internal
+ * Fail-closed removal of a dead lock dir for GC. Re-reads the on-disk owner
+ * token as close to the unlink as possible and only deletes the dir when it
+ * STILL holds the exact `{pid, timestamp}` identity the caller observed dead.
+ *
+ * Closes the prune-time TOCTOU window (#606): between GC's dead re-read/probe
+ * and the unlink, a live process can reclaim a stale lock at the same path
+ * (`acquireLock` rms the stale dir, then re-`mkdir`s and rewrites `info` with a
+ * fresh pid+timestamp). Deleting by path alone would reap that LIVE lock. Any
+ * mismatch (`owner_changed`) or absent/unreadable info (`missing` — e.g. a
+ * fresh acquirer between `mkdir` and `writeLockInfo`) refuses the delete and
+ * leaves the dir intact. POSIX has no atomic compare-and-delete for a
+ * directory, so the residual read->unlink window cannot be fully eliminated,
+ * but the reclaim-after-stale scenario the issue describes is now guarded.
+ */
+export async function removeFileLockDirForGc(
+	lockDir: string,
+	expected: FileLockOwnerToken,
+): Promise<FileLockGcRemoval> {
+	const current = await readLockInfo(lockDir);
+	if (!current) return "missing";
+	if (current.pid !== expected.pid || current.timestamp !== expected.timestamp) {
+		return "owner_changed";
+	}
 	await fs.rm(lockDir, { recursive: true, force: true });
+	return "removed";
 }
 
-function isProcessAlive(pid: number): boolean {
+type OwnerLiveness = "alive" | "dead" | "unknown";
+
+function ownerLiveness(pid: number): OwnerLiveness {
+	if (!Number.isFinite(pid) || pid <= 0) return "unknown";
 	try {
 		process.kill(pid, 0);
-		return true;
-	} catch {
-		return false;
+		return "alive";
+	} catch (error) {
+		const code = (error as NodeJS.ErrnoException).code;
+		if (code === "ESRCH") return "dead";
+		// EPERM means the process exists but we may not signal it; treat as alive.
+		// Anything else is indeterminate.
+		return code === "EPERM" ? "alive" : "unknown";
 	}
 }
 
@@ -63,11 +103,13 @@ async function isLockStale(lockPath: string, staleMs: number): Promise<boolean>
 	const info = await readLockInfo(lockPath);
 	if (!info) return true;
 
-	if (!isProcessAlive(info.pid)) return true;
-
-	if (Date.now() - info.timestamp > staleMs) return true;
-
-	return false;
+	// Never reap a live owner by elapsed time: a long legitimate critical section must
+	// not have its lock stolen (#652). Reclaim a dead owner immediately. Only when owner
+	// liveness is indeterminate do we fall back to the staleMs elapsed-time heuristic.
+	const liveness = ownerLiveness(info.pid);
+	if (liveness === "dead") return true;
+	if (liveness === "alive") return false;
+	return Date.now() - info.timestamp > staleMs;
 }
 
 async function tryAcquireLock(lockPath: string): Promise<boolean> {

package/src/config/model-profile-activation.ts

@@ -11,6 +11,8 @@ import { type GjcModelAssignmentTargetId, isAuthenticated, type ModelRegistry }
 import { resolveModelRoleValue } from "./model-resolver";
 import type { Settings } from "./settings";
 
+const LEGACY_MODEL_PROFILE_ALIASES: ReadonlyMap<string, string> = new Map([["codex-standard", "codex-medium"]]);
+
 type ModelProfileActivationSession = Pick<AgentSession, "model" | "thinkingLevel" | "sessionId"> & {
 	setModelTemporary?: AgentSession["setModelTemporary"];
 	setActiveModelProfile?: (name: string | undefined) => void;
@@ -51,12 +53,22 @@ export function formatModelProfileCredentialError(profileName: string, providers
 	return `Model profile "${profileName}" requires credentials for: ${providers.join(", ")}. Run /login and configure the missing provider(s), then retry.`;
 }
 
+function resolveModelProfileName(profileName: string, profiles: ReadonlyMap<string, unknown>): string {
+	// A retired-name alias is fallback-only: never shadow a profile that actually
+	// exists under the requested name (e.g. a user-defined `codex-standard`).
+	if (profiles.has(profileName)) return profileName;
+	const replacement = LEGACY_MODEL_PROFILE_ALIASES.get(profileName);
+	return replacement && profiles.has(replacement) ? replacement : profileName;
+}
+
 export async function prepareModelProfileActivation(
 	options: PrepareModelProfileActivationOptions,
 ): Promise<PreparedModelProfileActivation> {
-	const profile = options.modelRegistry.getModelProfile(options.profileName);
+	const profiles = options.modelRegistry.getModelProfiles();
+	const profileName = resolveModelProfileName(options.profileName, profiles);
+	const profile = profiles.get(profileName) ?? options.modelRegistry.getModelProfile(profileName);
 	if (!profile) {
-		const available = formatAvailableProfileNames(options.modelRegistry.getModelProfiles());
+		const available = formatAvailableProfileNames(profiles);
 		throw new Error(`Unknown model profile "${options.profileName}". Available profiles: ${available}`);
 	}
 
@@ -101,7 +113,7 @@ export async function prepareModelProfileActivation(
 	}
 
 	return {
-		profileName: options.profileName,
+		profileName,
 		session: options.session as PreparedModelProfileActivation["session"],
 		settings: options.settings as PreparedModelProfileActivation["settings"],
 		previousModel: options.session.model,

package/src/config/model-profiles.ts

@@ -202,25 +202,25 @@ export const BUILTIN_MODEL_PROFILES: readonly ModelProfileDefinition[] = [
 		architect: "cursor/composer-1.5:xhigh",
 	}),
 	profile("minimax-eco", ["minimax-code"], {
-		default: "minimax-code/minimax-v3:low",
-		executor: "minimax-code/minimax-v3:minimal",
-		planner: "minimax-code/minimax-v3:low",
-		critic: "minimax-code/minimax-v3:medium",
-		architect: "minimax-code/minimax-v3:high",
+		default: "minimax-code/minimax-m3:low",
+		executor: "minimax-code/minimax-m3:minimal",
+		planner: "minimax-code/minimax-m3:low",
+		critic: "minimax-code/minimax-m3:medium",
+		architect: "minimax-code/minimax-m3:high",
 	}),
 	profile("minimax-medium", ["minimax-code"], {
-		default: "minimax-code/minimax-v3:medium",
-		executor: "minimax-code/minimax-v3:low",
-		planner: "minimax-code/minimax-v3:medium",
-		critic: "minimax-code/minimax-v3:high",
-		architect: "minimax-code/minimax-v3:xhigh",
+		default: "minimax-code/minimax-m3:medium",
+		executor: "minimax-code/minimax-m3:low",
+		planner: "minimax-code/minimax-m3:medium",
+		critic: "minimax-code/minimax-m3:high",
+		architect: "minimax-code/minimax-m3:xhigh",
 	}),
 	profile("minimax-pro", ["minimax-code"], {
-		default: "minimax-code/minimax-v3:xhigh",
-		executor: "minimax-code/minimax-v3:medium",
-		planner: "minimax-code/minimax-v3:high",
-		critic: "minimax-code/minimax-v3:xhigh",
-		architect: "minimax-code/minimax-v3:xhigh",
+		default: "minimax-code/minimax-m3:xhigh",
+		executor: "minimax-code/minimax-m3:medium",
+		planner: "minimax-code/minimax-m3:high",
+		critic: "minimax-code/minimax-m3:xhigh",
+		architect: "minimax-code/minimax-m3:xhigh",
 	}),
 	profile("opus-codex", ["anthropic", "openai-codex"], {
 		default: "anthropic/claude-opus-4-8:xhigh",

package/src/config/model-registry.ts

@@ -35,6 +35,7 @@ import { $pickenv, isRecord, logger } from "@gajae-code/utils";
 import { parseModelString, resolveProviderModelReference } from "../config/model-resolver";
 import { isValidThemeColor, type ThemeColor } from "../modes/theme/theme";
 import type { AuthStorage, OAuthCredential } from "../session/auth-storage";
+import type { ActiveSearchModelContext, WebSearchMode } from "../web/search/types";
 import { type ConfigError, ConfigFile } from "./config-file";
 import {
 	buildCanonicalModelIndex,
@@ -910,7 +911,7 @@ function finalizeCustomModel(model: CustomModelOverlay, options: CustomModelBuil
 	const output = resolvedModel.output ?? reference?.output;
 	return enrichModelThinking({
 		id: resolvedModel.id,
-		name: resolvedModel.name ?? (options.useDefaults ? resolvedModel.id : undefined),
+		name: resolvedModel.name ?? reference?.name ?? (options.useDefaults ? resolvedModel.id : undefined),
 		api: resolvedModel.api,
 		provider: resolvedModel.provider,
 		baseUrl: resolvedModel.baseUrl,
@@ -964,6 +965,7 @@ export class ModelRegistry {
 	#models: Model<Api>[] = [];
 	#canonicalIndex: CanonicalModelIndex = { records: [], byId: new Map(), bySelector: new Map() };
 	#customProviderApiKeys: Map<string, string> = new Map();
+	#providerWebSearchModes: Map<string, WebSearchMode> = new Map();
 	#keylessProviders: Set<string> = new Set();
 	#discoverableProviders: DiscoveryProviderConfig[] = [];
 	#customModelOverlays: CustomModelOverlay[] = [];
@@ -1073,6 +1075,7 @@ export class ModelRegistry {
 		}
 		this.#modelsConfigFile.invalidate();
 		this.#customProviderApiKeys.clear();
+		this.#providerWebSearchModes.clear();
 		this.#keylessProviders.clear();
 		this.#discoverableProviders = [];
 		// Drop config-sourced apiKeys from AuthStorage before reload; entries
@@ -1390,6 +1393,7 @@ export class ModelRegistry {
 		const configuredProviders = new Set(Object.keys(value.providers ?? {}));
 
 		for (const [providerName, providerConfig] of providerEntries) {
+			if (providerConfig.webSearch) this.#providerWebSearchModes.set(providerName, providerConfig.webSearch);
 			const providerApiKeyConfig = providerConfig.apiKey ?? resolveApiKeyEnvConfig(providerConfig.apiKeyEnv);
 			// Always set overrides when baseUrl/headers/apiKey/authHeader/compat/disableStrictTools/transport are present
 			if (
@@ -2441,6 +2445,22 @@ export class ModelRegistry {
 		);
 	}
 
+	getProviderWebSearchMode(provider: string): WebSearchMode | undefined {
+		return this.#providerWebSearchModes.get(provider);
+	}
+
+	getActiveSearchModelContext(model: Model<Api>): ActiveSearchModelContext {
+		return {
+			provider: model.provider,
+			modelId: model.id,
+			wireModelId: model.wireModelId,
+			api: model.api,
+			baseUrl: model.baseUrl,
+			headers: model.headers,
+			webSearch: this.getProviderWebSearchMode(model.provider),
+		};
+	}
+
 	/**
 	 * Get API key for a model.
 	 */

package/src/config/models-config-schema.ts

@@ -218,6 +218,7 @@ const ProviderConfigSchema = z
 			.optional(),
 		headers: z.record(z.string(), z.string()).optional(),
 		compat: OpenAICompatSchema.optional(),
+		webSearch: z.enum(["on", "off", "auto"]).optional(),
 		authHeader: z.boolean().optional(),
 		auth: ProviderAuthSchema.optional(),
 		discovery: ProviderDiscoverySchema.optional(),