@martian-engineering/lossless-claw 0.5.2 → 0.6.0

package/src/summarize.ts

@@ -20,8 +20,32 @@ export type LcmSummarizerLegacyParams = {
   authProfileId?: unknown;
 };
 
+type SummaryResolutionCandidate = {
+  levelName: string;
+  modelRef: string;
+  providerHint?: string;
+  hasExplicitProvider: boolean;
+  useLegacyAuthProfile: boolean;
+};
+
+type ResolvedSummaryCandidate = SummaryResolutionCandidate & {
+  provider: string;
+  model: string;
+};
+
+function buildSummarizerBreakerKey(params: {
+  candidate: ResolvedSummaryCandidate;
+  legacyAuthProfileId?: string;
+}): string {
+  const authProfileId = params.candidate.useLegacyAuthProfile
+    ? (params.legacyAuthProfileId ?? "-")
+    : "-";
+  return `provider:${params.candidate.provider};model:${params.candidate.model};authProfile:${authProfileId}`;
+}
+
 type SummaryMode = "normal" | "aggressive";
 
+const DEFAULT_LEAF_TARGET_TOKENS = 2400;
 const DEFAULT_CONDENSED_TARGET_TOKENS = 2000;
 const LCM_SUMMARIZER_SYSTEM_PROMPT =
   "You are a context-compaction summarization engine. Follow user instructions exactly and return plain text summary content only.";
@@ -35,6 +59,18 @@ const AUTH_ERROR_TEXT_PATTERN =
   /\b401\b|unauthorized|unauthorised|invalid[_ -]?token|invalid[_ -]?api[_ -]?key|authentication failed|authorization failed|missing scope|insufficient scope|model\.request\b/i;
 const AUTH_ERROR_STATUS_KEYS = ["status", "statusCode", "status_code"] as const;
 const AUTH_ERROR_NESTED_KEYS = ["error", "response", "cause", "details", "data", "body"] as const;
+const AUTH_ERROR_TOP_LEVEL_KEYS = [
+  "error",
+  "errorMessage",
+  "status",
+  "statusCode",
+  "status_code",
+  "code",
+  "details",
+  "cause",
+  "data",
+  "body",
+] as const;
 
 type ProviderAuthFailure = {
   statusCode?: number;
@@ -188,6 +224,15 @@ function collectBlockTypes(value: unknown, out: Set<string>): void {
   }
 }
 
+/** Treat provider reasoning/thinking payloads as diagnostics, not summary text. */
+function isReasoningLikeType(type: unknown): boolean {
+  if (typeof type !== "string") {
+    return false;
+  }
+  const normalized = type.trim().toLowerCase();
+  return normalized.includes("reasoning") || normalized.includes("thinking");
+}
+
 /** Collect text payloads from common provider response shapes. */
 function collectTextLikeFields(value: unknown, out: string[]): void {
   if (Array.isArray(value)) {
@@ -200,7 +245,11 @@ function collectTextLikeFields(value: unknown, out: string[]): void {
     return;
   }
 
-  for (const key of ["text", "output_text", "thinking"]) {
+  if (isReasoningLikeType(value.type)) {
+    return;
+  }
+
+  for (const key of ["text", "output_text"]) {
     appendTextValue(value[key], out);
   }
   for (const key of ["content", "summary", "output", "message", "response"]) {
@@ -384,6 +433,21 @@ function extractAuthFailureStatusCode(value: unknown, depth = 0): number | undef
   return undefined;
 }
 
+function hasTopLevelAuthInspectionKeys(value: Record<string, unknown>): boolean {
+  return AUTH_ERROR_TOP_LEVEL_KEYS.some((key) => key in value);
+}
+
+function looksLikeThrownError(value: Record<string, unknown>): boolean {
+  return (
+    (typeof value.name === "string" && /\berror\b/i.test(value.name)) ||
+    "stack" in value ||
+    (typeof value.message === "string" &&
+      !("content" in value) &&
+      !("response" in value) &&
+      !("output" in value))
+  );
+}
+
 function pickAuthInspectionValue(value: unknown): unknown {
   if (!isRecord(value)) {
     return value;
@@ -393,26 +457,43 @@ function pickAuthInspectionValue(value: unknown): unknown {
   }
 
   const subset: Record<string, unknown> = {};
-  for (const key of [
-    "error",
-    "errorMessage",
-    "message",
-    "status",
-    "statusCode",
-    "status_code",
-    "code",
-    "details",
-    "response",
-    "cause",
-  ]) {
+  const hasTopLevelAuthKeys = hasTopLevelAuthInspectionKeys(value);
+  const errorLike = value instanceof Error || looksLikeThrownError(value);
+
+  for (const key of AUTH_ERROR_TOP_LEVEL_KEYS) {
     if (key in value) {
       subset[key] = value[key];
     }
   }
-  return Object.keys(subset).length > 0 ? subset : value;
+
+  // Only inspect top-level message payloads when the envelope already looks
+  // error-shaped. Successful summary responses also use `message`.
+  if ((hasTopLevelAuthKeys || errorLike) && "message" in value) {
+    subset.message = value.message;
+  }
+
+  // `response` can carry either an error payload or successful summary text.
+  // Include it only when the surrounding or nested shape already looks like an
+  // error envelope.
+  if ("response" in value) {
+    const response = value.response;
+    if (
+      hasTopLevelAuthKeys ||
+      (isRecord(response) && hasTopLevelAuthInspectionKeys(response)) ||
+      (isRecord(response) && looksLikeThrownError(response))
+    ) {
+      subset.response = response;
+    }
+  }
+
+  return Object.keys(subset).length > 0 ? subset : {};
 }
 
-function extractProviderAuthFailure(value: unknown): ProviderAuthFailure | undefined {
+/** @internal Exported for testing only. */
+export function extractProviderAuthFailure(
+  value: unknown,
+  opts?: { requireStructuralSignal?: boolean },
+): ProviderAuthFailure | undefined {
   const inspectValue = pickAuthInspectionValue(value);
   const statusCode = extractAuthFailureStatusCode(inspectValue);
   const textParts: string[] = [];
@@ -422,7 +503,20 @@ function extractProviderAuthFailure(value: unknown): ProviderAuthFailure | undef
   const hasScopeSignal =
     missingModelRequestScope || /\b(missing|insufficient)\s+scope\b/i.test(normalizedMessage);
 
-  if (statusCode !== 401 && !hasScopeSignal && !AUTH_ERROR_TEXT_PATTERN.test(normalizedMessage)) {
+  // When requireStructuralSignal is set (e.g. checking a successful API response
+  // rather than a caught error), only detect auth failures that have a concrete
+  // structural indicator (HTTP 401 status code or an explicit provider_auth error
+  // kind).  Plain text matches in the response body are NOT sufficient — the LLM
+  // summary content may legitimately discuss auth errors without being one.
+  const hasExplicitErrorKind =
+    isRecord(value) && isRecord((value as Record<string, unknown>).error) &&
+    ((value as Record<string, unknown>).error as Record<string, unknown>).kind === "provider_auth";
+
+  if (opts?.requireStructuralSignal) {
+    if (statusCode !== 401 && !hasExplicitErrorKind) {
+      return undefined;
+    }
+  } else if (statusCode !== 401 && !hasScopeSignal && !AUTH_ERROR_TEXT_PATTERN.test(normalizedMessage)) {
     return undefined;
   }
 
@@ -517,6 +611,15 @@ function extractResponseDiagnostics(result: unknown): string {
   if (typeof result.provider === "string" && result.provider.trim()) {
     parts.push(`resp_provider=${result.provider.trim()}`);
   }
+  if (typeof result.status === "string" && result.status.trim()) {
+    parts.push(`status=${result.status.trim()}`);
+  }
+  if (isRecord(result.incomplete_details) && typeof result.incomplete_details.reason === "string") {
+    const reason = result.incomplete_details.reason.trim();
+    if (reason) {
+      parts.push(`incomplete_reason=${reason}`);
+    }
+  }
   for (const key of [
     "request_provider",
     "request_model",
@@ -580,6 +683,50 @@ function extractResponseDiagnostics(result: unknown): string {
   return parts.join("; ");
 }
 
+/** Collect retry-worthy "incomplete" signals from Responses-style envelopes/items. */
+function collectIncompleteResponseSignals(
+  value: unknown,
+  out: Set<string>,
+  label = "response",
+  depth = 0,
+): void {
+  if (depth >= DIAGNOSTIC_MAX_DEPTH) {
+    return;
+  }
+  if (Array.isArray(value)) {
+    value.slice(0, DIAGNOSTIC_MAX_ARRAY_ITEMS).forEach((entry, index) => {
+      collectIncompleteResponseSignals(entry, out, `${label}[${index}]`, depth + 1);
+    });
+    return;
+  }
+  if (!isRecord(value)) {
+    return;
+  }
+
+  if (typeof value.status === "string" && value.status.trim().toLowerCase() === "incomplete") {
+    out.add(`${label}.status=incomplete`);
+  }
+  if (isRecord(value.incomplete_details) && typeof value.incomplete_details.reason === "string") {
+    const reason = value.incomplete_details.reason.trim();
+    if (reason) {
+      out.add(`${label}.reason=${reason}`);
+    }
+  }
+
+  for (const key of ["content", "output", "message", "response", "items"] as const) {
+    if (key in value) {
+      collectIncompleteResponseSignals(value[key], out, `${label}.${key}`, depth + 1);
+    }
+  }
+}
+
+/** Extract retry-worthy incomplete-response diagnostics for provider envelopes/items. */
+function extractIncompleteResponseSignals(value: unknown): string[] {
+  const signals = new Set<string>();
+  collectIncompleteResponseSignals(value, signals);
+  return [...signals].sort((a, b) => a.localeCompare(b));
+}
+
 /**
  * Resolve a practical target token count for leaf and condensed summaries.
  * Aggressive leaf mode intentionally aims lower so compaction converges faster.
@@ -588,6 +735,7 @@ function resolveTargetTokens(params: {
   inputTokens: number;
   mode: SummaryMode;
   isCondensed: boolean;
+  leafTargetTokens: number;
   condensedTargetTokens: number;
 }): number {
   if (params.isCondensed) {
@@ -595,10 +743,12 @@ function resolveTargetTokens(params: {
   }
 
   const { inputTokens, mode } = params;
+  const leafTargetTokens = Math.max(192, params.leafTargetTokens);
   if (mode === "aggressive") {
-    return Math.max(96, Math.min(640, Math.floor(inputTokens * 0.2)));
+    const aggressiveCap = Math.max(96, Math.min(leafTargetTokens, Math.floor(leafTargetTokens * 0.55)));
+    return Math.max(96, Math.min(aggressiveCap, Math.floor(inputTokens * 0.2)));
   }
-  return Math.max(192, Math.min(1200, Math.floor(inputTokens * 0.35)));
+  return Math.max(192, Math.min(leafTargetTokens, Math.floor(inputTokens * 0.35)));
 }
 
 /**
@@ -815,30 +965,47 @@ function buildDeterministicFallbackSummary(text: string, targetTokens: number):
   return `${trimmed.slice(0, maxChars)}\n[LCM fallback summary; truncated for context management]`;
 }
 
-/**
- * Builds a model-backed LCM summarize callback from runtime legacy params.
- *
- * Returns `undefined` when model/provider context is unavailable so callers can
- * choose a fallback summarizer.
- */
-export async function createLcmSummarizeFromLegacyParams(params: {
-  deps: LcmDependencies;
-  legacyParams: LcmSummarizerLegacyParams;
-  customInstructions?: string;
-}): Promise<{ fn: LcmSummarizeFn; model: string } | undefined> {
-  const readModelRef = (value: unknown): string => {
-    if (typeof value === "string") {
-      return value.trim();
+/** Normalize model refs from string or `{ primary }` config shapes. */
+function readModelRef(value: unknown): string {
+  if (typeof value === "string") {
+    return value.trim();
+  }
+  const primary = (value as { primary?: unknown } | undefined)?.primary;
+  return typeof primary === "string" ? primary.trim() : "";
+}
+
+/** Avoid retrying the same resolved provider/model pair across fallback levels. */
+function dedupeResolvedCandidates(
+  candidates: ResolvedSummaryCandidate[],
+): ResolvedSummaryCandidate[] {
+  const seen = new Set<string>();
+  const ordered: ResolvedSummaryCandidate[] = [];
+  for (const candidate of candidates) {
+    const key = `${candidate.provider}\u0000${candidate.model}`;
+    if (seen.has(key)) {
+      continue;
     }
-    const primary = (value as { primary?: unknown } | undefined)?.primary;
-    return typeof primary === "string" ? primary.trim() : "";
-  };
+    seen.add(key);
+    ordered.push(candidate);
+  }
+  return ordered;
+}
 
+/** Resolve ordered summarizer candidates from env, plugin config, defaults, and session hints. */
+function resolveSummaryCandidates(params: {
+  deps: LcmDependencies;
+  legacyParams: LcmSummarizerLegacyParams;
+}): ResolvedSummaryCandidate[] {
+  const providerHint =
+    typeof params.legacyParams.provider === "string" ? params.legacyParams.provider.trim() : "";
+  const modelHint =
+    typeof params.legacyParams.model === "string" ? params.legacyParams.model.trim() : "";
   const runtimeConfig =
     params.legacyParams.config && typeof params.legacyParams.config === "object"
       ? (params.legacyParams.config as {
           agents?: {
             defaults?: {
+              model?: unknown;
               compaction?: {
                 model?: unknown;
               };
@@ -853,91 +1020,121 @@ export async function createLcmSummarizeFromLegacyParams(params: {
           };
         })
       : undefined;
-
   const nestedPluginConfig = runtimeConfig?.plugins?.entries?.["lossless-claw"]?.config;
 
-  const summaryLevels = [
+  const resolutionCandidates: SummaryResolutionCandidate[] = [
     {
       levelName: "environment variables",
-      model: process.env.LCM_SUMMARY_MODEL?.trim() ?? "",
-      provider: process.env.LCM_SUMMARY_PROVIDER?.trim() ?? "",
+      modelRef: process.env.LCM_SUMMARY_MODEL?.trim() ?? "",
+      providerHint:
+        process.env.LCM_SUMMARY_PROVIDER?.trim() ||
+        (providerHint || undefined),
+      hasExplicitProvider: Boolean(process.env.LCM_SUMMARY_PROVIDER?.trim()),
+      useLegacyAuthProfile: false,
     },
     {
       levelName: "plugin config (lossless-claw)",
-      model: readModelRef(nestedPluginConfig?.summaryModel),
-      provider: typeof nestedPluginConfig?.summaryProvider === "string" ? nestedPluginConfig.summaryProvider.trim() : "",
+      modelRef: readModelRef(nestedPluginConfig?.summaryModel),
+      providerHint:
+        (typeof nestedPluginConfig?.summaryProvider === "string"
+          ? nestedPluginConfig.summaryProvider.trim()
+          : "") || (providerHint || undefined),
+      hasExplicitProvider: Boolean(
+        typeof nestedPluginConfig?.summaryProvider === "string" &&
+          nestedPluginConfig.summaryProvider.trim(),
+      ),
+      useLegacyAuthProfile: false,
     },
     {
       levelName: "OpenClaw agents.defaults.compaction.model",
-      model: readModelRef(runtimeConfig?.agents?.defaults?.compaction?.model),
-      provider: "",
+      modelRef: readModelRef(runtimeConfig?.agents?.defaults?.compaction?.model),
+      providerHint: undefined,
+      hasExplicitProvider: false,
+      useLegacyAuthProfile: false,
+    },
+    {
+      levelName: "OpenClaw agents.defaults.model",
+      modelRef: readModelRef(runtimeConfig?.agents?.defaults?.model),
+      providerHint: undefined,
+      hasExplicitProvider: false,
+      useLegacyAuthProfile: false,
+    },
+    {
+      levelName: "legacy runtime/session model",
+      modelRef: modelHint,
+      providerHint: providerHint || undefined,
+      hasExplicitProvider: Boolean(providerHint),
+      useLegacyAuthProfile: true,
     },
   ];
 
-  let resolvedSummary: { model: string; provider: string | undefined } | undefined;
-  for (const level of summaryLevels) {
-    if (!level.model) continue;
-    if (level.model.includes("/")) {
-      resolvedSummary = { model: level.model, provider: undefined };
-      break;
+  const resolvedCandidates: ResolvedSummaryCandidate[] = [];
+  for (const candidate of resolutionCandidates) {
+    if (!candidate.modelRef) {
+      continue;
     }
-    if (level.provider) {
-      resolvedSummary = { model: level.model, provider: level.provider };
-      break;
+    if (!candidate.modelRef.includes("/") && !candidate.hasExplicitProvider) {
+      params.deps.log.warn(
+        `[lcm] summaryModel "${candidate.modelRef}" at "${candidate.levelName}" has no summaryProvider or provider prefix. Will attempt resolution without provider.`,
+      );
+    }
+    try {
+      const resolved = params.deps.resolveModel(candidate.modelRef, candidate.providerHint);
+      if (resolved.provider && resolved.model) {
+        resolvedCandidates.push({
+          ...candidate,
+          provider: resolved.provider,
+          model: resolved.model,
+        });
+      }
+    } catch (err) {
+      console.error(
+        `[lcm] createLcmSummarize: resolveModel FAILED at ${candidate.levelName}:`,
+        err instanceof Error ? err.message : err,
+      );
     }
-    params.deps.log.warn(
-      `[lcm] summaryModel "${level.model}" at "${level.levelName}" has no summaryProvider or provider prefix. Will attempt resolution without provider.`
-    );
-    resolvedSummary = { model: level.model, provider: undefined };
-    break;
   }
 
-  const providerHint =
-    typeof params.legacyParams.provider === "string" ? params.legacyParams.provider.trim() : "";
-  const modelHint =
-    typeof params.legacyParams.model === "string" ? params.legacyParams.model.trim() : "";
-  const modelRef = resolvedSummary?.model || modelHint || undefined;
-
-  const resolveProviderHint =
-    resolvedSummary !== undefined
-      ? (
-          resolvedSummary.provider ||
-          (!resolvedSummary.model.includes("/") ? (providerHint || undefined) : undefined)
-        )
-      : (providerHint || undefined);
+  return dedupeResolvedCandidates(resolvedCandidates);
+}
 
-  let resolved: { provider: string; model: string };
-  try {
-    resolved = params.deps.resolveModel(modelRef, resolveProviderHint);
-  } catch (err) {
-    console.error(`[lcm] createLcmSummarize: resolveModel FAILED:`, err instanceof Error ? err.message : err);
+/**
+ * Builds a model-backed LCM summarize callback from runtime legacy params.
+ *
+ * Returns `undefined` when model/provider context is unavailable so callers can
+ * choose a fallback summarizer.
+ */
+export async function createLcmSummarizeFromLegacyParams(params: {
+  deps: LcmDependencies;
+  legacyParams: LcmSummarizerLegacyParams;
+  customInstructions?: string;
+}): Promise<{ fn: LcmSummarizeFn; model: string; breakerKey: string } | undefined> {
+  const resolvedCandidates = resolveSummaryCandidates(params);
+  if (resolvedCandidates.length === 0) {
+    console.error("[lcm] createLcmSummarize: no summary model candidates resolved");
     return undefined;
   }
 
-  const { provider, model } = resolved;
-  if (!provider || !model) {
-    console.error(`[lcm] createLcmSummarize: empty provider="${provider}" or model="${model}"`);
-    return undefined;
-  }
   const legacyAuthProfileId =
     typeof params.legacyParams.authProfileId === "string" &&
     params.legacyParams.authProfileId.trim()
       ? params.legacyParams.authProfileId.trim()
       : undefined;
-  // When LCM selects a dedicated summarizer model/provider, do not leak the
-  // active session's auth profile into that separate credential lookup.
-  const authProfileId = resolvedSummary === undefined ? legacyAuthProfileId : undefined;
   const agentDir =
     typeof params.legacyParams.agentDir === "string" && params.legacyParams.agentDir.trim()
       ? params.legacyParams.agentDir.trim()
       : undefined;
-  const providerApi = resolveProviderApiFromLegacyConfig(params.legacyParams.config, provider);
 
   const condensedTargetTokens =
     Number.isFinite(params.deps.config.condensedTargetTokens) &&
     params.deps.config.condensedTargetTokens > 0
       ? params.deps.config.condensedTargetTokens
       : DEFAULT_CONDENSED_TARGET_TOKENS;
+  const leafTargetTokens =
+    Number.isFinite(params.deps.config.leafTargetTokens) &&
+    params.deps.config.leafTargetTokens > 0
+      ? params.deps.config.leafTargetTokens
+      : DEFAULT_LEAF_TARGET_TOKENS;
 
   const fn: LcmSummarizeFn = async (
     text: string,
@@ -950,15 +1147,11 @@ export async function createLcmSummarizeFromLegacyParams(params: {
 
     const mode: SummaryMode = aggressive ? "aggressive" : "normal";
     const isCondensed = options?.isCondensed === true;
-    const apiKey = await params.deps.getApiKey(provider, model, {
-      profileId: authProfileId,
-      agentDir,
-      runtimeConfig: params.legacyParams.config,
-    });
     const targetTokens = resolveTargetTokens({
       inputTokens: estimateTokens(text),
       mode,
       isCondensed,
+      leafTargetTokens,
       condensedTargetTokens,
     });
     const prompt = isCondensed
@@ -980,96 +1173,30 @@ export async function createLcmSummarizeFromLegacyParams(params: {
           customInstructions: params.customInstructions,
         });
 
-    let result: Awaited<ReturnType<typeof params.deps.complete>>;
-    try {
-      result = await withTimeout(params.deps.complete({
-        provider,
-        model,
-        apiKey,
-        providerApi,
-        authProfileId,
+    let lastAuthError: LcmProviderAuthError | undefined;
+
+    for (let index = 0; index < resolvedCandidates.length; index += 1) {
+      const candidate = resolvedCandidates[index]!;
+      const provider = candidate.provider;
+      const model = candidate.model;
+      const nextCandidate = index < resolvedCandidates.length - 1 ? resolvedCandidates[index + 1]! : undefined;
+      const authProfileId = candidate.useLegacyAuthProfile ? legacyAuthProfileId : undefined;
+      const providerApi = resolveProviderApiFromLegacyConfig(params.legacyParams.config, provider);
+      const lookupOptions = {
+        profileId: authProfileId,
         agentDir,
         runtimeConfig: params.legacyParams.config,
-        system: LCM_SUMMARIZER_SYSTEM_PROMPT,
-        messages: [
-          {
-            role: "user",
-            content: prompt,
-          },
-        ],
-        maxTokens: targetTokens,
-      }), SUMMARIZER_TIMEOUT_MS, "initial");
-    } catch (err) {
-      const authFailure = extractProviderAuthFailure(err);
-      if (authFailure) {
-        const authError = new LcmProviderAuthError({ provider, model, failure: authFailure });
-        console.warn(authError.message);
-        throw authError;
-      }
-      const errMsg = err instanceof Error ? err.message : String(err);
-      const isTimeout = errMsg.includes("summarizer timeout");
-      console.warn(
-        `[lcm] summarizer ${isTimeout ? "timed out" : "failed"}; provider=${provider}; model=${model}; timeout=${SUMMARIZER_TIMEOUT_MS}ms; error=${errMsg}`,
-      );
-      if (err instanceof SummarizerTimeoutError) {
-        console.error(
-          `[lcm] summarizer timed out; provider=${provider}; model=${model}; source=fallback`,
-        );
-        return buildDeterministicFallbackSummary(text, targetTokens);
-      }
-      return "";
-    }
-
-    const authFailure = extractProviderAuthFailure(result);
-    if (authFailure) {
-      const authError = new LcmProviderAuthError({ provider, model, failure: authFailure });
-      console.warn(authError.message);
-      throw authError;
-    }
-
-    const normalized = normalizeCompletionSummary(result.content);
-    let summary = normalized.summary;
-    let summarySource: "content" | "envelope" | "retry" | "fallback" = "content";
-
-    // --- Empty-summary hardening: envelope → retry → deterministic fallback ---
-    if (!summary) {
-      // Envelope-aware extraction: some providers place summary text in
-      // top-level response fields (output, message, response) rather than
-      // inside the content array.  Re-run normalization against the full
-      // response envelope before spending an API call on a retry.
-      const envelopeNormalized = normalizeCompletionSummary(result);
-      if (envelopeNormalized.summary) {
-        summary = envelopeNormalized.summary;
-        summarySource = "envelope";
-        console.error(
-          `[lcm] recovered summary from response envelope; provider=${provider}; model=${model}; ` +
-            `block_types=${formatBlockTypes(envelopeNormalized.blockTypes)}; source=envelope`,
-        );
-      }
-    }
-
-    if (!summary) {
-      const responseDiag = extractResponseDiagnostics(result);
-      const diagParts = [
-        `[lcm] empty normalized summary on first attempt`,
-        `provider=${provider}`,
-        `model=${model}`,
-        `block_types=${formatBlockTypes(normalized.blockTypes)}`,
-        `response_blocks=${result.content.length}`,
-      ];
-      if (responseDiag) {
-        diagParts.push(responseDiag);
-      }
-      console.error(`${diagParts.join("; ")}; retrying with conservative settings`);
-
-      // Single retry with conservative parameters: low temperature and low
-      // reasoning budget to coax a textual response from providers that
-      // sometimes return reasoning-only or empty blocks on the first pass.
-      try {
-        const retryResult = await withTimeout(params.deps.complete({
+      };
+
+      const runSummarizerCall = async (
+        requestApiKey: string | undefined,
+        label: string,
+        reasoning?: string,
+      ) =>
+        withTimeout(params.deps.complete({
           provider,
           model,
-          apiKey,
+          apiKey: requestApiKey,
           providerApi,
           authProfileId,
           agentDir,
@@ -1082,68 +1209,270 @@ export async function createLcmSummarizeFromLegacyParams(params: {
             },
           ],
           maxTokens: targetTokens,
-          reasoning: "low",
-        }), SUMMARIZER_TIMEOUT_MS, "retry");
-        const retryAuthFailure = extractProviderAuthFailure(retryResult);
-        if (retryAuthFailure) {
-          console.warn(buildProviderAuthWarning({ provider, model, failure: retryAuthFailure }));
-          return "";
-        }
+          ...(reasoning ? { reasoning } : {}),
+        }), SUMMARIZER_TIMEOUT_MS, label);
+
+      const retryWithoutModelAuth = async (
+        failure: ProviderAuthFailure,
+        reasoning?: string,
+      ): Promise<Awaited<ReturnType<typeof params.deps.complete>>> => {
+        const initialAuthError = new LcmProviderAuthError({ provider, model, failure });
+        console.warn(initialAuthError.message);
+        console.warn(
+          `[lcm] summarizer auth retry: retrying ${provider}/${model} without runtime.modelAuth credentials.`,
+        );
 
-        const retryNormalized = normalizeCompletionSummary(retryResult.content);
-        summary = retryNormalized.summary;
+        const directApiKey = await params.deps.getApiKey(provider, model, {
+          ...lookupOptions,
+          skipModelAuth: true,
+        });
+        if (!directApiKey) {
+          console.warn(
+            `[lcm] summarizer auth retry unavailable: no direct credentials found for ${provider}/${model}.`,
+          );
+          throw initialAuthError;
+        }
 
-        if (summary) {
-          summarySource = "retry";
-          console.error(
-            `[lcm] retry succeeded; provider=${provider}; model=${model}; ` +
-              `block_types=${formatBlockTypes(retryNormalized.blockTypes)}; source=retry`,
+        try {
+          const directResult = await runSummarizerCall(directApiKey, "auth-retry", reasoning);
+          // Use requireStructuralSignal on the retry success path too — the
+          // summary text may legitimately contain auth-error phrases.
+          const directFailure = extractProviderAuthFailure(directResult, {
+            requireStructuralSignal: true,
+          });
+          if (directFailure) {
+            const retryAuthError = new LcmProviderAuthError({
+              provider,
+              model,
+              failure: directFailure,
+            });
+            console.warn(retryAuthError.message);
+            throw retryAuthError;
+          }
+          console.warn(
+            `[lcm] summarizer auth retry succeeded; provider=${provider}; model=${model}; source=direct-credentials`,
           );
-        } else {
-          const retryDiag = extractResponseDiagnostics(retryResult);
-          const retryParts = [
-            `[lcm] retry also returned empty summary`,
-            `provider=${provider}`,
-            `model=${model}`,
-            `block_types=${formatBlockTypes(retryNormalized.blockTypes)}`,
-            `response_blocks=${retryResult.content.length}`,
-          ];
-          if (retryDiag) {
-            retryParts.push(retryDiag);
+          return directResult;
+        } catch (directErr) {
+          if (directErr instanceof LcmProviderAuthError) {
+            throw directErr;
+          }
+          // Catch path: real errors carry structural signals (HTTP 401, error.kind),
+          // so requireStructuralSignal is safe here too.
+          const directFailure = extractProviderAuthFailure(directErr, {
+            requireStructuralSignal: true,
+          });
+          if (directFailure) {
+            const retryAuthError = new LcmProviderAuthError({
+              provider,
+              model,
+              failure: directFailure,
+            });
+            console.warn(retryAuthError.message);
+            throw retryAuthError;
+          }
+          throw directErr;
+        }
+      };
+
+      const attemptSummarizerCall = async (
+        label: string,
+        reasoning?: string,
+      ): Promise<Awaited<ReturnType<typeof params.deps.complete>>> => {
+        const apiKey = await params.deps.getApiKey(provider, model, lookupOptions);
+        try {
+          const result = await runSummarizerCall(apiKey, label, reasoning);
+          // Use requireStructuralSignal so that LLM summary text containing
+          // auth-related words (e.g. "provider auth error") is NOT mistaken
+          // for an actual API auth failure.
+          const authFailure = extractProviderAuthFailure(result, {
+            requireStructuralSignal: true,
+          });
+          if (!authFailure) {
+            return result;
+          }
+          return retryWithoutModelAuth(authFailure, reasoning);
+        } catch (err) {
+          const authFailure = extractProviderAuthFailure(err);
+          if (!authFailure) {
+            throw err;
           }
-          console.error(`${retryParts.join("; ")}; falling back to truncation`);
+          return retryWithoutModelAuth(authFailure, reasoning);
         }
-      } catch (retryErr) {
-        const retryAuthFailure = extractProviderAuthFailure(retryErr);
-        if (retryAuthFailure) {
-          console.warn(buildProviderAuthWarning({ provider, model, failure: retryAuthFailure }));
-          return "";
+      };
+
+      let result: Awaited<ReturnType<typeof params.deps.complete>>;
+      try {
+        result = await attemptSummarizerCall("initial");
+      } catch (err) {
+        if (err instanceof LcmProviderAuthError) {
+          lastAuthError = err;
+          if (nextCandidate) {
+            console.warn(
+              `[lcm] summarizer auth fallback: retrying with ${nextCandidate.provider}/${nextCandidate.model} after ${provider}/${model} failed auth.`,
+            );
+            continue;
+          }
+          throw lastAuthError;
         }
-        // Retry is best-effort; log and proceed to deterministic fallback.
-        const retryErrMsg = retryErr instanceof Error ? retryErr.message : String(retryErr);
-        const isRetryTimeout = retryErrMsg.includes("summarizer timeout");
+        const errMsg = err instanceof Error ? err.message : String(err);
+        const isTimeout = errMsg.includes("summarizer timeout");
         console.warn(
-          `[lcm] retry ${isRetryTimeout ? "timed out" : "failed"}; provider=${provider}; model=${model}; timeout=${SUMMARIZER_TIMEOUT_MS}ms; error=${retryErrMsg}; falling back to truncation`,
+          `[lcm] summarizer ${isTimeout ? "timed out" : "failed"}; provider=${provider}; model=${model}; timeout=${SUMMARIZER_TIMEOUT_MS}ms; error=${errMsg}`,
         );
+        if (nextCandidate) {
+          console.warn(
+            `[lcm] summarizer candidate fallback: retrying with ${nextCandidate.provider}/${nextCandidate.model} after ${provider}/${model} ${isTimeout ? "timed out" : "failed"}.`,
+          );
+          continue;
+        }
+        if (err instanceof SummarizerTimeoutError) {
+          console.error(
+            `[lcm] summarizer timed out; provider=${provider}; model=${model}; source=fallback`,
+          );
+          return buildDeterministicFallbackSummary(text, targetTokens);
+        }
+        return "";
       }
-    }
 
-    if (!summary) {
-      summarySource = "fallback";
-      console.error(
-        `[lcm] all extraction attempts exhausted; provider=${provider}; model=${model}; source=fallback`,
-      );
-      return buildDeterministicFallbackSummary(text, targetTokens);
-    }
+      const normalized = normalizeCompletionSummary(result.content);
+      let summary = normalized.summary;
+      let summarySource: "content" | "envelope" | "retry" | "fallback" = "content";
+
+      // --- Empty-summary hardening: envelope → retry → deterministic fallback ---
+      if (!summary) {
+        // Envelope-aware extraction: some providers place summary text in
+        // top-level response fields (output, message, response) rather than
+        // inside the content array.  Re-run normalization against the full
+        // response envelope before spending an API call on a retry.
+        const envelopeNormalized = normalizeCompletionSummary(result);
+        if (envelopeNormalized.summary) {
+          summary = envelopeNormalized.summary;
+          summarySource = "envelope";
+          console.error(
+            `[lcm] recovered summary from response envelope; provider=${provider}; model=${model}; ` +
+              `block_types=${formatBlockTypes(envelopeNormalized.blockTypes)}; source=envelope`,
+          );
+        }
+      }
 
-    if (summarySource !== "content") {
-      console.error(
-        `[lcm] summary resolved via non-content path; provider=${provider}; model=${model}; source=${summarySource}`,
-      );
+      const incompleteSignals = extractIncompleteResponseSignals(result);
+      const initialSummary = summary;
+      const shouldRetryIncompleteSummary = summary.length > 0 && incompleteSignals.length > 0;
+
+      if (!summary || shouldRetryIncompleteSummary) {
+        const responseDiag = extractResponseDiagnostics(result);
+        const diagParts = [
+          shouldRetryIncompleteSummary
+            ? `[lcm] incomplete summary response on first attempt`
+            : `[lcm] empty normalized summary on first attempt`,
+          `provider=${provider}`,
+          `model=${model}`,
+          `block_types=${formatBlockTypes(normalized.blockTypes)}`,
+          `response_blocks=${result.content.length}`,
+        ];
+        if (incompleteSignals.length > 0) {
+          diagParts.push(`incomplete=${incompleteSignals.join(",")}`);
+        }
+        if (responseDiag) {
+          diagParts.push(responseDiag);
+        }
+        console.error(`${diagParts.join("; ")}; retrying with conservative settings`);
+
+        // Single retry with conservative parameters: low temperature and low
+        // reasoning budget to coax a textual response from providers that
+        // sometimes return reasoning-only or empty blocks on the first pass.
+        try {
+          const retryResult = await attemptSummarizerCall("retry", "low");
+          const retryNormalized = normalizeCompletionSummary(retryResult.content);
+          const retryEnvelopeNormalized = retryNormalized.summary
+            ? retryNormalized
+            : normalizeCompletionSummary(retryResult);
+          summary = retryEnvelopeNormalized.summary;
+
+          if (summary) {
+            summarySource = "retry";
+            console.error(
+              `[lcm] retry succeeded; provider=${provider}; model=${model}; ` +
+                `block_types=${formatBlockTypes(retryEnvelopeNormalized.blockTypes)}; source=retry`,
+            );
+          } else {
+            const retryDiag = extractResponseDiagnostics(retryResult);
+            const retryParts = [
+              `[lcm] retry also returned empty summary`,
+              `provider=${provider}`,
+              `model=${model}`,
+              `block_types=${formatBlockTypes(retryEnvelopeNormalized.blockTypes)}`,
+              `response_blocks=${retryResult.content.length}`,
+            ];
+            if (retryDiag) {
+              retryParts.push(retryDiag);
+            }
+            if (nextCandidate) {
+              console.warn(
+                `${retryParts.join("; ")}; retrying with ${nextCandidate.provider}/${nextCandidate.model}`,
+              );
+              continue;
+            }
+            console.error(`${retryParts.join("; ")}; falling back to truncation`);
+            summary = initialSummary;
+          }
+        } catch (retryErr) {
+          if (retryErr instanceof LcmProviderAuthError) {
+            lastAuthError = retryErr;
+            if (nextCandidate) {
+              console.warn(
+                `[lcm] summarizer auth fallback: retrying with ${nextCandidate.provider}/${nextCandidate.model} after ${provider}/${model} failed auth.`,
+              );
+              continue;
+            }
+            throw lastAuthError;
+          }
+          // Retry is best-effort; log and proceed to deterministic fallback.
+          const retryErrMsg = retryErr instanceof Error ? retryErr.message : String(retryErr);
+          const isRetryTimeout = retryErrMsg.includes("summarizer timeout");
+          if (nextCandidate) {
+            console.warn(
+              `[lcm] retry ${isRetryTimeout ? "timed out" : "failed"}; provider=${provider}; model=${model}; timeout=${SUMMARIZER_TIMEOUT_MS}ms; error=${retryErrMsg}; retrying with ${nextCandidate.provider}/${nextCandidate.model}`,
+            );
+            continue;
+          }
+          console.warn(
+            `[lcm] retry ${isRetryTimeout ? "timed out" : "failed"}; provider=${provider}; model=${model}; timeout=${SUMMARIZER_TIMEOUT_MS}ms; error=${retryErrMsg}; falling back to truncation`,
+          );
+          summary = initialSummary;
+        }
+      }
+
+      if (!summary) {
+        summarySource = "fallback";
+        console.error(
+          `[lcm] all extraction attempts exhausted; provider=${provider}; model=${model}; source=fallback`,
+        );
+        return buildDeterministicFallbackSummary(text, targetTokens);
+      }
+
+      if (summarySource !== "content") {
+        console.error(
+          `[lcm] summary resolved via non-content path; provider=${provider}; model=${model}; source=${summarySource}`,
+        );
+      }
+
+      return summary;
     }
 
-    return summary;
+    if (lastAuthError) {
+      throw lastAuthError;
+    }
+    return "";
   };
 
-  return { fn, model };
+  return {
+    fn,
+    model: resolvedCandidates[0]!.model,
+    breakerKey: buildSummarizerBreakerKey({
+      candidate: resolvedCandidates[0]!,
+      legacyAuthProfileId,
+    }),
+  };
 }