@ottocode/server 0.1.173

package/src/runtime/prompt/builder.ts

@@ -0,0 +1,167 @@
+import { providerBasePrompt } from '@ottocode/sdk';
+import { debugLog } from '../debug/index.ts';
+import { composeEnvironmentAndInstructions } from '../context/environment.ts';
+// eslint-disable-next-line @typescript-eslint/consistent-type-imports
+import BASE_PROMPT from '@ottocode/sdk/prompts/base.txt' with { type: 'text' };
+// eslint-disable-next-line @typescript-eslint/consistent-type-imports
+import ONESHOT_PROMPT from '@ottocode/sdk/prompts/modes/oneshot.txt' with {
+	type: 'text',
+};
+// eslint-disable-next-line @typescript-eslint/consistent-type-imports
+import ANTHROPIC_SPOOF_PROMPT from '@ottocode/sdk/prompts/providers/anthropicSpoof.txt' with {
+	type: 'text',
+};
+
+import { getTerminalManager } from '@ottocode/sdk';
+
+export type ComposedSystemPrompt = {
+	prompt: string;
+	components: string[];
+};
+
+export async function composeSystemPrompt(options: {
+	provider: string;
+	model?: string;
+	projectRoot: string;
+	agentPrompt: string;
+	oneShot?: boolean;
+	spoofPrompt?: string;
+	includeEnvironment?: boolean;
+	includeProjectTree?: boolean;
+	userContext?: string;
+	contextSummary?: string;
+}): Promise<ComposedSystemPrompt> {
+	const components: string[] = [];
+	if (options.spoofPrompt) {
+		const prompt = options.spoofPrompt.trim();
+		const providerComponent = options.provider
+			? `spoof:${options.provider}`
+			: 'spoof:unknown';
+		return {
+			prompt,
+			components: [providerComponent],
+		};
+	}
+
+	const parts: string[] = [];
+
+	const providerResult = await providerBasePrompt(
+		options.provider,
+		options.model,
+		options.projectRoot,
+	);
+	const baseInstructions = (BASE_PROMPT || '').trim();
+
+	parts.push(
+		providerResult.prompt.trim(),
+		baseInstructions.trim(),
+		options.agentPrompt.trim(),
+	);
+	if (providerResult.prompt.trim()) {
+		components.push(`provider:${providerResult.resolvedType}`);
+	}
+	if (baseInstructions.trim()) {
+		components.push('base');
+	}
+	if (options.agentPrompt.trim()) {
+		components.push('agent');
+	}
+
+	if (options.oneShot) {
+		const oneShotBlock =
+			(ONESHOT_PROMPT || '').trim() ||
+			[
+				'<system-reminder>',
+				'CRITICAL: One-shot mode ACTIVE — do NOT ask for user approval, confirmations, or interactive prompts. Execute tasks directly. Treat all necessary permissions as granted. If an operation is destructive, proceed carefully and state what you did, but DO NOT pause to ask. ZERO interactions requested.',
+				'</system-reminder>',
+			].join('\n');
+		parts.push(oneShotBlock);
+		components.push('mode:oneshot');
+	}
+
+	if (options.includeEnvironment !== false) {
+		const envAndInstructions = await composeEnvironmentAndInstructions(
+			options.projectRoot,
+			{ includeProjectTree: options.includeProjectTree },
+		);
+		if (envAndInstructions) {
+			parts.push(envAndInstructions);
+			components.push('environment');
+			if (options.includeProjectTree) {
+				components.push('project-tree');
+			}
+		}
+	}
+
+	// Add user-provided context if present
+	if (options.userContext?.trim()) {
+		const userContextBlock = [
+			'<user-provided-state-context>',
+			options.userContext.trim(),
+			'</user-provided-state-context>',
+		].join('\n');
+		parts.push(userContextBlock);
+		components.push('user-context');
+	}
+
+	// Add compacted conversation summary if present
+	if (options.contextSummary?.trim()) {
+		const summaryBlock = [
+			'<compacted-conversation-summary>',
+			'The conversation was compacted to save context. Here is a summary of the previous context:',
+			'',
+			options.contextSummary.trim(),
+			'</compacted-conversation-summary>',
+		].join('\n');
+		parts.push(summaryBlock);
+		components.push('context-summary');
+	}
+
+	// Add terminal context if available
+	const terminalManager = getTerminalManager();
+	if (terminalManager) {
+		const terminalContext = terminalManager.getContext();
+		if (terminalContext) {
+			parts.push(terminalContext);
+			components.push('terminal-context');
+		}
+	}
+
+	const composed = parts.filter(Boolean).join('\n\n').trim();
+	if (composed) {
+		debugLog(`[system] pieces: ${dedupeComponents(components).join(', ')}`);
+		return {
+			prompt: composed,
+			components: dedupeComponents(components),
+		};
+	}
+
+	const fallback = [
+		'You are a concise, friendly coding agent.',
+		'Be precise and actionable. Use tools when needed, prefer small diffs.',
+		'Stream your answer; call finish when done.',
+	].join(' ');
+	return {
+		prompt: fallback,
+		components: dedupeComponents([...components, 'fallback']),
+	};
+}
+
+export function getProviderSpoofPrompt(provider: string): string | undefined {
+	if (provider === 'anthropic') {
+		return (ANTHROPIC_SPOOF_PROMPT || '').trim();
+	}
+	return undefined;
+}
+
+function dedupeComponents(input: string[]): string[] {
+	const seen = new Set<string>();
+	const out: string[] = [];
+	for (const item of input) {
+		if (!item) continue;
+		if (seen.has(item)) continue;
+		seen.add(item);
+		out.push(item);
+	}
+	return out;
+}

package/src/runtime/provider/anthropic.ts

@@ -0,0 +1,50 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import {
+	getAuth,
+	refreshToken,
+	setAuth,
+	createAnthropicOAuthModel,
+	createAnthropicCachingFetch,
+} from '@ottocode/sdk';
+import { createAnthropic } from '@ai-sdk/anthropic';
+import { toClaudeCodeName } from '../tools/mapping.ts';
+
+export async function getAnthropicInstance(cfg: OttoConfig) {
+	const auth = await getAuth('anthropic', cfg.projectRoot);
+
+	if (auth?.type === 'oauth') {
+		let currentAuth = auth;
+
+		if (currentAuth.expires < Date.now()) {
+			const tokens = await refreshToken(currentAuth.refresh);
+			await setAuth(
+				'anthropic',
+				{
+					type: 'oauth',
+					refresh: tokens.refresh,
+					access: tokens.access,
+					expires: tokens.expires,
+				},
+				cfg.projectRoot,
+				'global',
+			);
+			currentAuth = {
+				type: 'oauth',
+				refresh: tokens.refresh,
+				access: tokens.access,
+				expires: tokens.expires,
+			};
+		}
+
+		return (model: string) =>
+			createAnthropicOAuthModel(model, {
+				oauth: currentAuth,
+				toolNameTransformer: toClaudeCodeName,
+			});
+	}
+
+	const cachingFetch = createAnthropicCachingFetch();
+	return createAnthropic({
+		fetch: cachingFetch as typeof fetch,
+	});
+}

package/src/runtime/provider/copilot.ts

@@ -0,0 +1,12 @@
+import { getAuth, createCopilotModel } from '@ottocode/sdk';
+import type { OttoConfig } from '@ottocode/sdk';
+
+export async function resolveCopilotModel(model: string, cfg: OttoConfig) {
+	const auth = await getAuth('copilot', cfg.projectRoot);
+	if (auth?.type === 'oauth') {
+		return createCopilotModel(model, { oauth: auth });
+	}
+	throw new Error(
+		'Copilot provider requires OAuth. Run `otto auth login copilot`.',
+	);
+}

package/src/runtime/provider/google.ts

@@ -0,0 +1,8 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import { getAuth, createGoogleModel } from '@ottocode/sdk';
+
+export async function resolveGoogleModel(model: string, cfg: OttoConfig) {
+	const auth = await getAuth('google', cfg.projectRoot);
+	const apiKey = auth?.type === 'api' ? auth.key : undefined;
+	return createGoogleModel(model, { apiKey });
+}

package/src/runtime/provider/index.ts

@@ -0,0 +1,60 @@
+import type { OttoConfig, ProviderId } from '@ottocode/sdk';
+import { getAnthropicInstance } from './anthropic.ts';
+import { resolveOpenAIModel } from './openai.ts';
+import { resolveGoogleModel } from './google.ts';
+import { resolveOpenRouterModel } from './openrouter.ts';
+import { resolveSetuModel, type ResolveSetuModelOptions } from './setu.ts';
+import { getZaiInstance, getZaiCodingInstance } from './zai.ts';
+import { resolveOpencodeModel } from './opencode.ts';
+import { getMoonshotInstance } from './moonshot.ts';
+import { resolveCopilotModel } from './copilot.ts';
+
+export type ProviderName = ProviderId;
+
+export async function resolveModel(
+	provider: ProviderName,
+	model: string,
+	cfg: OttoConfig,
+	options?: {
+		systemPrompt?: string;
+		sessionId?: string;
+		messageId?: string;
+		topupApprovalMode?: ResolveSetuModelOptions['topupApprovalMode'];
+	},
+) {
+	if (provider === 'openai') {
+		return resolveOpenAIModel(model, cfg);
+	}
+	if (provider === 'anthropic') {
+		const instance = await getAnthropicInstance(cfg);
+		return instance(model);
+	}
+	if (provider === 'google') {
+		return resolveGoogleModel(model, cfg);
+	}
+	if (provider === 'openrouter') {
+		return resolveOpenRouterModel(model);
+	}
+	if (provider === 'opencode') {
+		return resolveOpencodeModel(model, cfg);
+	}
+	if (provider === 'copilot') {
+		return resolveCopilotModel(model, cfg);
+	}
+	if (provider === 'setu') {
+		return await resolveSetuModel(model, options?.sessionId, {
+			messageId: options?.messageId,
+			topupApprovalMode: options?.topupApprovalMode,
+		});
+	}
+	if (provider === 'zai') {
+		return getZaiInstance(cfg, model);
+	}
+	if (provider === 'zai-coding') {
+		return getZaiCodingInstance(cfg, model);
+	}
+	if (provider === 'moonshot') {
+		return getMoonshotInstance(cfg, model);
+	}
+	throw new Error(`Unsupported provider: ${provider}`);
+}

package/src/runtime/provider/moonshot.ts

@@ -0,0 +1,8 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import { getAuth, createMoonshotModel } from '@ottocode/sdk';
+
+export async function getMoonshotInstance(cfg: OttoConfig, model: string) {
+	const auth = await getAuth('moonshot', cfg.projectRoot);
+	const apiKey = auth?.type === 'api' ? auth.key : undefined;
+	return createMoonshotModel(model, { apiKey });
+}

package/src/runtime/provider/oauth-adapter.ts

@@ -0,0 +1,237 @@
+/**
+ * OAuth Provider Adapter
+ *
+ * Consolidates all OAuth-specific LLM call adaptations into one place.
+ * Each OAuth provider has quirks (no system prompt, must stream, needs
+ * spoof prompt, special providerOptions, etc.). Instead of duplicating
+ * that branching logic across every callsite (title gen, compaction,
+ * commit, runner), this module exposes two layers:
+ *
+ * ## Layer 1 — Detection (`detectOAuth`)
+ *   Examines provider + auth and returns an `OAuthContext` describing
+ *   what adaptations are needed. Used by ALL callsites (simple + complex).
+ *
+ * ## Layer 2 — Simple call adaptation (`adaptSimpleCall`)
+ *   For single-shot LLM calls (title gen, compaction, commit) that follow
+ *   the pattern: system + user message → text result.
+ *   Returns a ready-to-spread `AdaptedLLMCall` object.
+ *
+ * ## Adding a new OAuth provider
+ *   1. Add detection branch in `detectOAuth()`
+ *   2. Add adaptation branch in `adaptSimpleCall()`
+ *   3. If the provider needs a custom fetch wrapper, add it under
+ *      `packages/sdk/src/providers/src/<provider>-oauth-client.ts`
+ *   4. Zero changes needed at any callsite.
+ *
+ * ## Architecture
+ *
+ * ```
+ *   callsite (commit.ts, service.ts, compaction-auto.ts, runner-setup.ts)
+ *       │
+ *       ├─ detectOAuth(provider, auth)  →  OAuthContext
+ *       │
+ *       ├─ adaptSimpleCall(ctx, input)  →  AdaptedLLMCall  (title, commit, compaction)
+ *       │
+ *       └─ adaptRunnerCall(ctx, composed, opts)  →  AdaptedRunnerSetup  (main chat)
+ *              │
+ *              ├─ OpenAI OAuth (Codex):  no system, inline instructions,
+ *              │     providerOptions.openai.store=false, forceStream=true
+ *              │
+ *              ├─ Anthropic OAuth:  spoofPrompt as system, instructions
+ *              │     folded into user message, normal maxOutputTokens
+ *              │
+ *              └─ API key (default):  system=instructions, plain user msg
+ * ```
+ */
+import { getProviderSpoofPrompt } from '../prompt/builder.ts';
+import type { SharedV3ProviderOptions } from '@ai-sdk/provider';
+
+export type OAuthContext = {
+	isOAuth: boolean;
+	needsSpoof: boolean;
+	isOpenAIOAuth: boolean;
+	spoofPrompt: string | undefined;
+};
+
+/**
+ * Detect OAuth mode for a provider and return flags describing
+ * what adaptations are needed. This replaces the 4-line pattern
+ * that was previously copy-pasted at every callsite:
+ *
+ *   const isOAuth = auth?.type === 'oauth';
+ *   const needsSpoof = isOAuth && provider === 'anthropic';
+ *   const isOpenAIOAuth = isOAuth && provider === 'openai';
+ *   const spoofPrompt = needsSpoof ? getProviderSpoofPrompt(...) : undefined;
+ */
+export function detectOAuth(
+	provider: string,
+	auth: { type: string } | null | undefined,
+): OAuthContext {
+	const isOAuth = auth?.type === 'oauth';
+	const needsSpoof = !!isOAuth && provider === 'anthropic';
+	const isCopilot = provider === 'copilot';
+	return {
+		isOAuth: !!isOAuth || isCopilot,
+		needsSpoof,
+		isOpenAIOAuth: (!!isOAuth && provider === 'openai') || isCopilot,
+		spoofPrompt: needsSpoof ? getProviderSpoofPrompt(provider) : undefined,
+	};
+}
+
+/**
+ * Build OpenAI Codex-specific providerOptions.
+ * Codex requires `store: false` and passes the system prompt via
+ * `instructions` instead of the normal `system` field.
+ *
+ * Used directly by runner-setup.ts (complex flow) and indirectly
+ * by adaptSimpleCall (simple flows).
+ */
+export function buildCodexProviderOptions(instructions: string) {
+	return {
+		openai: { store: false as const, instructions },
+	};
+}
+
+export type AdaptedLLMCall = {
+	system?: string;
+	messages: Array<{ role: 'user'; content: string }>;
+	maxOutputTokens?: number;
+	providerOptions?: SharedV3ProviderOptions;
+	forceStream: boolean;
+};
+
+/**
+ * Adapt a simple (single-shot) LLM call for the current OAuth context.
+ *
+ * Takes raw `instructions` (what would normally be the system prompt) and
+ * `userContent`, then returns the correct shape for the provider:
+ *
+ * - **OpenAI OAuth (Codex)**: no system prompt, instructions baked into
+ *   user message AND providerOptions.openai.instructions, forceStream=true,
+ *   no maxOutputTokens (Codex doesn't support it).
+ *
+ * - **Anthropic OAuth**: spoof prompt as system, real instructions folded
+ *   into user message, normal maxOutputTokens.
+ *
+ * - **API key (default)**: instructions as system, plain user message,
+ *   normal maxOutputTokens.
+ *
+ * Callsites just spread the result into streamText/generateText:
+ * ```ts
+ * const adapted = adaptSimpleCall(oauth, { instructions, userContent });
+ * const result = streamText({ model, ...adapted }); // almost — see forceStream
+ * ```
+ */
+export function adaptSimpleCall(
+	ctx: OAuthContext,
+	input: {
+		instructions: string;
+		userContent: string;
+		maxOutputTokens?: number;
+	},
+): AdaptedLLMCall {
+	if (ctx.isOpenAIOAuth) {
+		return {
+			messages: [
+				{
+					role: 'user',
+					content: `${input.instructions}\n\n${input.userContent}`,
+				},
+			],
+			providerOptions: buildCodexProviderOptions(input.instructions),
+			forceStream: true,
+		};
+	}
+
+	if (ctx.needsSpoof && ctx.spoofPrompt) {
+		return {
+			system: ctx.spoofPrompt,
+			messages: [
+				{
+					role: 'user',
+					content: `${input.instructions}\n\n${input.userContent}`,
+				},
+			],
+			maxOutputTokens: input.maxOutputTokens,
+			forceStream: false,
+		};
+	}
+
+	return {
+		system: input.instructions,
+		messages: [{ role: 'user', content: input.userContent }],
+		maxOutputTokens: input.maxOutputTokens,
+		forceStream: false,
+	};
+}
+
+export type AdaptedRunnerSetup = {
+	system: string;
+	systemComponents: string[];
+	additionalSystemMessages: Array<{
+		role: 'system' | 'user';
+		content: string;
+	}>;
+	maxOutputTokens: number | undefined;
+	providerOptions: SharedV3ProviderOptions;
+};
+
+/**
+ * Adapt the main chat runner's system prompt placement, maxOutputTokens,
+ * and providerOptions based on the OAuth context.
+ *
+ * Unlike `adaptSimpleCall` (which builds the full message), this only
+ * decides WHERE the already-composed system prompt goes:
+ *
+ * - **OpenAI OAuth (Codex)**: system='', composed prompt sent as a user
+ *   message in additionalSystemMessages, providerOptions with store=false
+ *   + instructions, maxOutputTokens stripped.
+ *
+ * - **Anthropic OAuth**: spoof prompt as system, composed prompt sent as
+ *   an additional system message. Normal maxOutputTokens.
+ *
+ * - **API key (default)**: composed prompt IS the system prompt directly.
+ *   No additional messages needed.
+ *
+ * ```ts
+ * const composed = await composeSystemPrompt({ ... });
+ * const adapted = adaptRunnerCall(oauth, composed, { provider, rawMaxOutputTokens });
+ * // adapted.system, adapted.additionalSystemMessages, adapted.providerOptions ready to use
+ * ```
+ */
+export function adaptRunnerCall(
+	ctx: OAuthContext,
+	composed: { prompt: string; components: string[] },
+	opts: {
+		provider: string;
+		rawMaxOutputTokens: number | undefined;
+	},
+): AdaptedRunnerSetup {
+	if (ctx.spoofPrompt) {
+		return {
+			system: ctx.spoofPrompt,
+			systemComponents: [`spoof:${opts.provider || 'unknown'}`],
+			additionalSystemMessages: [{ role: 'system', content: composed.prompt }],
+			maxOutputTokens: opts.rawMaxOutputTokens,
+			providerOptions: {},
+		};
+	}
+
+	if (ctx.isOpenAIOAuth) {
+		return {
+			system: '',
+			systemComponents: composed.components,
+			additionalSystemMessages: [{ role: 'user', content: composed.prompt }],
+			maxOutputTokens: undefined,
+			providerOptions: buildCodexProviderOptions(composed.prompt),
+		};
+	}
+
+	return {
+		system: composed.prompt,
+		systemComponents: composed.components,
+		additionalSystemMessages: [],
+		maxOutputTokens: opts.rawMaxOutputTokens,
+		providerOptions: {},
+	};
+}

package/src/runtime/provider/openai.ts

@@ -0,0 +1,18 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import { getAuth, createOpenAIOAuthModel } from '@ottocode/sdk';
+import { openai, createOpenAI } from '@ai-sdk/openai';
+
+export async function resolveOpenAIModel(model: string, cfg: OttoConfig) {
+	const auth = await getAuth('openai', cfg.projectRoot);
+	if (auth?.type === 'oauth') {
+		return createOpenAIOAuthModel(model, {
+			oauth: auth,
+			projectRoot: cfg.projectRoot,
+		});
+	}
+	if (auth?.type === 'api' && auth.key) {
+		const instance = createOpenAI({ apiKey: auth.key });
+		return instance(model);
+	}
+	return openai(model);
+}

package/src/runtime/provider/opencode.ts

@@ -0,0 +1,7 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import { createOpencodeModel } from '@ottocode/sdk';
+
+export function resolveOpencodeModel(model: string, _cfg: OttoConfig) {
+	const apiKey = process.env.OPENCODE_API_KEY;
+	return createOpencodeModel(model, { apiKey });
+}

package/src/runtime/provider/openrouter.ts

@@ -0,0 +1,7 @@
+import { getOpenRouterInstance, createOpenRouterModel } from '@ottocode/sdk';
+
+export { getOpenRouterInstance };
+
+export function resolveOpenRouterModel(model: string) {
+	return createOpenRouterModel(model);
+}

package/src/runtime/provider/selection.ts

@@ -0,0 +1,118 @@
+import type { OttoConfig } from '@ottocode/sdk';
+import {
+	catalog,
+	type ProviderId,
+	isProviderAuthorized,
+	providerIds,
+	defaultModelFor,
+	hasModel,
+} from '@ottocode/sdk';
+
+const FALLBACK_ORDER: ProviderId[] = [
+	'anthropic',
+	'openai',
+	'google',
+	'opencode',
+	'openrouter',
+	'setu',
+];
+
+type SelectionInput = {
+	cfg: OttoConfig;
+	agentProviderDefault: ProviderId;
+	agentModelDefault: string;
+	explicitProvider?: ProviderId;
+	explicitModel?: string;
+	skipAuth?: boolean;
+};
+
+export type ProviderSelection = {
+	provider: ProviderId;
+	model: string;
+	providerOverride?: ProviderId;
+	modelOverride?: string;
+};
+
+export async function selectProviderAndModel(
+	input: SelectionInput,
+): Promise<ProviderSelection> {
+	const {
+		cfg,
+		agentProviderDefault,
+		agentModelDefault,
+		explicitProvider,
+		explicitModel,
+		skipAuth,
+	} = input;
+
+	const provider = skipAuth
+		? (explicitProvider ?? agentProviderDefault)
+		: await pickAuthorizedProvider({
+				cfg,
+				candidate: explicitProvider ?? agentProviderDefault,
+			});
+
+	if (!provider) {
+		throw new Error(
+			'No authorized providers found. Run `otto auth login` to configure at least one provider.',
+		);
+	}
+
+	const model = resolveModelForProvider({
+		provider,
+		explicitModel,
+		agentModelDefault,
+	});
+
+	const providerOverride =
+		explicitProvider ??
+		(provider !== agentProviderDefault ? provider : undefined);
+	const modelOverride =
+		explicitModel ?? (model !== agentModelDefault ? model : undefined);
+
+	return { provider, model, providerOverride, modelOverride };
+}
+
+async function pickAuthorizedProvider(args: {
+	cfg: OttoConfig;
+	candidate: ProviderId;
+}): Promise<ProviderId | undefined> {
+	const { cfg, candidate } = args;
+	const candidates = uniqueProviders([
+		candidate,
+		...FALLBACK_ORDER,
+		...providerIds,
+	]);
+	for (const provider of candidates) {
+		const ok = await isProviderAuthorized(cfg, provider);
+		if (ok) return provider;
+	}
+	return undefined;
+}
+
+function uniqueProviders(list: ProviderId[]): ProviderId[] {
+	const seen = new Set<ProviderId>();
+	const ordered: ProviderId[] = [];
+	for (const provider of list) {
+		if (!providerIds.includes(provider)) continue;
+		if (seen.has(provider)) continue;
+		seen.add(provider);
+		ordered.push(provider);
+	}
+	return ordered;
+}
+
+function resolveModelForProvider(args: {
+	provider: ProviderId;
+	explicitModel?: string;
+	agentModelDefault: string;
+}): string {
+	const { provider, explicitModel, agentModelDefault } = args;
+	if (explicitModel && hasModel(provider, explicitModel)) return explicitModel;
+	if (hasModel(provider, agentModelDefault)) return agentModelDefault;
+	return (
+		defaultModelFor(provider) ??
+		catalog[provider]?.models?.[0]?.id ??
+		agentModelDefault
+	);
+}