@ouro.bot/cli 0.1.0-alpha.35 → 0.1.0-alpha.350

package/dist/heart/provider-failover.js

@@ -0,0 +1,135 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildFailoverContext = buildFailoverContext;
+exports.handleFailoverReply = handleFailoverReply;
+const provider_models_1 = require("./provider-models");
+const runtime_1 = require("../nerves/runtime");
+const CLASSIFICATION_LABELS = {
+    "auth-failure": "authentication failed",
+    "usage-limit": "hit its usage limit",
+    "rate-limit": "is being rate limited",
+    "server-error": "is experiencing an outage",
+    "network-error": "is unreachable (network error)",
+    "unknown": "encountered an error",
+};
+function formatProviderWithModel(provider, model) {
+    if (!model)
+        return provider;
+    if ((0, provider_models_1.getProviderModelMismatchMessage)(provider, model)) {
+        return `${provider} [configured model: ${model}]`;
+    }
+    return `${provider} (${model})`;
+}
+function formatErrorDetail(errorMessage, errorSummary) {
+    const detail = errorMessage.replace(/\s+/g, " ").trim();
+    if (!detail || detail === errorSummary)
+        return "";
+    return detail.length > 300 ? `${detail.slice(0, 297)}...` : detail;
+}
+function formatFailingProviderLine(provider, classification, agentName) {
+    const authCommand = `ouro auth --agent ${agentName} --provider ${provider}`;
+    switch (classification) {
+        case "auth-failure":
+            return `  - ${provider}: credentials need to be refreshed. Run \`${authCommand}\`.`;
+        case "network-error":
+            return `  - ${provider}: could not be reached. Check network/provider availability; if credentials may be stale, run \`${authCommand}\`.`;
+        case "server-error":
+            return `  - ${provider}: provider outage or server error. Retry later; if it keeps failing, run \`${authCommand}\`.`;
+        case "rate-limit":
+            return `  - ${provider}: rate limited. Wait and retry, or switch to a ready provider below.`;
+        case "usage-limit":
+            return `  - ${provider}: usage limit hit. Wait for quota reset, raise quota, or switch to a ready provider below.`;
+        case "unknown":
+            return `  - ${provider}: could not be reached. Run \`${authCommand}\` if credentials may be stale.`;
+    }
+}
+function buildFailoverContext(errorMessage, classification, currentProvider, currentModel, agentName, inventory, providerModels) {
+    const label = CLASSIFICATION_LABELS[classification];
+    const providerWithModel = formatProviderWithModel(currentProvider, currentModel);
+    const errorSummary = `${providerWithModel} ${label}`;
+    const errorDetail = formatErrorDetail(errorMessage, errorSummary);
+    const modelMismatch = (0, provider_models_1.getProviderModelMismatchMessage)(currentProvider, currentModel);
+    const workingProviders = [];
+    const unconfiguredProviders = [];
+    const failingProviders = [];
+    for (const [provider, result] of Object.entries(inventory)) {
+        if (result.ok) {
+            workingProviders.push(provider);
+        }
+        else if (result.classification === "auth-failure" && result.message === "no credentials configured") {
+            unconfiguredProviders.push(provider);
+        }
+        else {
+            // Configured but ping failed (expired token, provider also down, etc.)
+            failingProviders.push({ provider, classification: result.classification });
+        }
+    }
+    const lines = [`${errorSummary}.`];
+    if (errorDetail) {
+        lines.push(`provider detail: ${errorDetail}`);
+    }
+    if (classification === "auth-failure") {
+        lines.push("");
+        lines.push("To keep using the current provider:");
+        lines.push(`  1. Run \`ouro auth --agent ${agentName} --provider ${currentProvider}\``);
+    }
+    if (modelMismatch) {
+        const defaultModel = (0, provider_models_1.getDefaultModelForProvider)(currentProvider);
+        lines.push("");
+        lines.push("Config warning:");
+        lines.push(`  - ${modelMismatch}`);
+        lines.push("  - Repair the configured model with:");
+        lines.push(`    \`ouro config model --agent ${agentName} --facing human ${defaultModel}\``);
+        lines.push(`    \`ouro config model --agent ${agentName} --facing agent ${defaultModel}\``);
+    }
+    if (workingProviders.length > 0) {
+        lines.push("");
+        lines.push("Ready providers:");
+        for (const provider of workingProviders) {
+            const model = (0, provider_models_1.resolveModelForProviderDisplay)(provider, providerModels[provider]);
+            lines.push(`  - ${provider} (${model}): reply "switch to ${provider}"`);
+        }
+    }
+    if (failingProviders.length > 0) {
+        lines.push("");
+        lines.push("Configured but unavailable:");
+        for (const { provider, classification } of failingProviders) {
+            lines.push(formatFailingProviderLine(provider, classification, agentName));
+        }
+    }
+    if (unconfiguredProviders.length > 0) {
+        lines.push("");
+        lines.push("Not configured:");
+        for (const provider of unconfiguredProviders) {
+            lines.push(`  - ${provider}: run \`ouro auth --agent ${agentName} --provider ${provider}\``);
+        }
+    }
+    if (workingProviders.length === 0 && unconfiguredProviders.length === 0 && failingProviders.length === 0) {
+        lines.push("");
+        lines.push(`No other providers are available. Run \`ouro auth --agent ${agentName}\` in terminal to configure one.`);
+    }
+    (0, runtime_1.emitNervesEvent)({
+        component: "engine",
+        event: "engine.failover_context_built",
+        message: "built provider failover context",
+        meta: { currentProvider, classification, workingProviders, unconfiguredProviders },
+    });
+    return {
+        errorSummary,
+        classification,
+        currentProvider,
+        agentName,
+        workingProviders,
+        unconfiguredProviders,
+        userMessage: lines.join("\n"),
+    };
+}
+function handleFailoverReply(reply, context) {
+    const lower = reply.toLowerCase().trim();
+    for (const provider of context.workingProviders) {
+        if (lower.includes(`switch to ${provider}`) || lower === provider) {
+            return { action: "switch", provider };
+        }
+    }
+    return { action: "dismiss" };
+}

package/dist/heart/provider-models.js

@@ -0,0 +1,81 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_PROVIDER_MODELS = void 0;
+exports.getProviderDisplayName = getProviderDisplayName;
+exports.getDefaultModelForProvider = getDefaultModelForProvider;
+exports.isModelClearlyIncompatibleWithProvider = isModelClearlyIncompatibleWithProvider;
+exports.resolveModelForProviderSelection = resolveModelForProviderSelection;
+exports.resolveModelForProviderDisplay = resolveModelForProviderDisplay;
+exports.getProviderModelMismatchMessage = getProviderModelMismatchMessage;
+const runtime_1 = require("../nerves/runtime");
+exports.DEFAULT_PROVIDER_MODELS = {
+    anthropic: "claude-opus-4-6",
+    azure: "gpt-4o-mini",
+    minimax: "MiniMax-M2.7",
+    "openai-codex": "gpt-5.4",
+    "github-copilot": "claude-sonnet-4.6",
+};
+const PROVIDER_NAMES = {
+    anthropic: "Anthropic",
+    azure: "Azure OpenAI",
+    minimax: "MiniMax",
+    "openai-codex": "OpenAI Codex",
+    "github-copilot": "GitHub Copilot",
+};
+function normalized(model) {
+    return model.trim().toLowerCase();
+}
+function getProviderDisplayName(provider) {
+    return PROVIDER_NAMES[provider];
+}
+function getDefaultModelForProvider(provider) {
+    return exports.DEFAULT_PROVIDER_MODELS[provider];
+}
+function isModelClearlyIncompatibleWithProvider(provider, model) {
+    const value = normalized(model);
+    if (!value)
+        return true;
+    switch (provider) {
+        case "anthropic":
+            return !value.startsWith("claude-");
+        case "minimax":
+            return !value.startsWith("minimax");
+        case "openai-codex":
+            return value.startsWith("claude-") || value.startsWith("minimax");
+        case "azure":
+            return value.startsWith("claude-") || value.startsWith("minimax");
+        case "github-copilot":
+            return false;
+    }
+}
+function resolveModelForProviderSelection(provider, currentModel) {
+    const trimmed = currentModel.trim();
+    if (trimmed && !isModelClearlyIncompatibleWithProvider(provider, trimmed)) {
+        return { model: trimmed, preserved: true };
+    }
+    const model = getDefaultModelForProvider(provider);
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config_identity.provider_model_defaulted",
+        message: "defaulted provider model during provider selection",
+        meta: { provider, previousModel: currentModel, model },
+    });
+    return { model, preserved: false };
+}
+function resolveModelForProviderDisplay(provider, modelHint) {
+    const hint = modelHint?.trim() ?? "";
+    if (hint && !isModelClearlyIncompatibleWithProvider(provider, hint))
+        return hint;
+    return getDefaultModelForProvider(provider);
+}
+function getProviderModelMismatchMessage(provider, model) {
+    const trimmed = model.trim();
+    if (!isModelClearlyIncompatibleWithProvider(provider, trimmed))
+        return null;
+    const providerName = getProviderDisplayName(provider);
+    const defaultModel = getDefaultModelForProvider(provider);
+    if (!trimmed) {
+        return `${providerName} has no model set. Suggested model: ${defaultModel}.`;
+    }
+    return `${providerName} is currently paired with ${trimmed}, which does not look like a model for ${providerName}. Suggested model: ${defaultModel}.`;
+}

package/dist/heart/provider-ping.js

@@ -0,0 +1,258 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeErrorMessage = sanitizeErrorMessage;
+exports.pingGithubCopilotModel = pingGithubCopilotModel;
+exports.pingProvider = pingProvider;
+exports.runHealthInventory = runHealthInventory;
+const identity_1 = require("./identity");
+const anthropic_1 = require("./providers/anthropic");
+const azure_1 = require("./providers/azure");
+const minimax_1 = require("./providers/minimax");
+const openai_codex_1 = require("./providers/openai-codex");
+const github_copilot_1 = require("./providers/github-copilot");
+const auth_flow_1 = require("./auth/auth-flow");
+const provider_models_1 = require("./provider-models");
+const runtime_1 = require("../nerves/runtime");
+const provider_attempt_1 = require("./provider-attempt");
+const PING_TIMEOUT_MS = 10_000;
+const PING_PROMPT = "ping";
+const CHAT_PING_MAX_TOKENS = 1;
+const RESPONSE_PING_MAX_OUTPUT_TOKENS = 16;
+const ANTHROPIC_SETUP_PING_MODEL = "claude-haiku-4-5-20251001";
+const DEFAULT_AZURE_API_VERSION = "2025-04-01-preview";
+const PING_CALLBACKS = {
+    onModelStart() { },
+    onModelStreamStart() { },
+    onTextChunk() { },
+    onReasoningChunk() { },
+    onToolStart() { },
+    onToolEnd() { },
+    onError() { },
+};
+function createPingMessages() {
+    return [{ role: "user", content: PING_PROMPT }];
+}
+function createChatPingRequest(model) {
+    return { model, max_tokens: CHAT_PING_MAX_TOKENS, messages: createPingMessages() };
+}
+function createResponsePingRequest(model) {
+    return { model, input: PING_PROMPT, max_output_tokens: RESPONSE_PING_MAX_OUTPUT_TOKENS };
+}
+/**
+ * Strip raw JSON/HTML API response bodies from error messages.
+ * SDK errors often include the full response: "400 {"type":"error",...}" or "403 <html>...".
+ * Extract just the HTTP status and a short human-readable summary.
+ */
+function sanitizeErrorMessage(message) {
+    const statusMatch = message.match(/^(\d{3})\s/);
+    if (!statusMatch)
+        return message;
+    const status = statusMatch[1];
+    const body = message.slice(status.length).trim();
+    // HTML response (Cloudflare challenge, error pages, etc.)
+    if (body.startsWith("<") || body.includes("<!DOCTYPE") || body.includes("<html")) {
+        return `HTTP ${status}`;
+    }
+    // JSON response
+    if (body.startsWith("{")) {
+        try {
+            const json = JSON.parse(body);
+            const inner = json?.error?.message;
+            if (typeof inner === "string" && inner && inner !== "Error") {
+                return `${status} ${inner}`;
+            }
+        }
+        catch { /* not valid JSON */ }
+        return `HTTP ${status}`;
+    }
+    // Already clean (e.g., "401 Provided authentication token is expired.")
+    return message;
+}
+async function readGithubCopilotModelPingError(response) {
+    let detail = `HTTP ${response.status}`;
+    try {
+        const json = await response.json();
+        /* v8 ignore start -- error format parsing: all branches tested via config-models.test.ts @preserve */
+        if (typeof json.error === "string")
+            detail = json.error;
+        else if (typeof json.error === "object" && json.error !== null) {
+            const errObj = json.error;
+            if (typeof errObj.message === "string")
+                detail = errObj.message;
+        }
+        else if (typeof json.message === "string")
+            detail = json.message;
+        /* v8 ignore stop */
+    }
+    catch {
+        // response body not JSON — keep HTTP status
+    }
+    return detail;
+}
+function createStatusError(message, status) {
+    return Object.assign(new Error(message), { status });
+}
+async function pingGithubCopilotModel(baseUrl, token, model, fetchImpl = fetch) {
+    const base = baseUrl.replace(/\/+$/, "");
+    const isClaude = model.startsWith("claude");
+    const url = isClaude ? `${base}/chat/completions` : `${base}/responses`;
+    const body = isClaude
+        ? JSON.stringify(createChatPingRequest(model))
+        : JSON.stringify(createResponsePingRequest(model));
+    const attempt = await (0, provider_attempt_1.runProviderAttempt)({
+        operation: "model-ping",
+        provider: "github-copilot",
+        model,
+        classifyError: github_copilot_1.classifyGithubCopilotError,
+        policy: {
+            maxAttempts: 3,
+            baseDelayMs: 0,
+            backoffMultiplier: 2,
+        },
+        run: async () => {
+            const response = await fetchImpl(url, {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    "Content-Type": "application/json",
+                },
+                body,
+            });
+            if (!response.ok) {
+                throw createStatusError(await readGithubCopilotModelPingError(response), response.status);
+            }
+        },
+    });
+    return attempt.ok ? { ok: true } : { ok: false, error: attempt.error.message };
+}
+function hasEmptyCredentials(provider, config) {
+    const record = config;
+    if (provider === "azure") {
+        const hasManagedIdentity = typeof record.endpoint === "string" && record.endpoint.length > 0 &&
+            typeof record.deployment === "string" && record.deployment.length > 0 &&
+            typeof record.managedIdentityClientId === "string" && record.managedIdentityClientId.length > 0;
+        if (hasManagedIdentity)
+            return false;
+    }
+    return identity_1.PROVIDER_CREDENTIALS[provider].required.some((key) => !record[key]);
+}
+function createRuntimeForPing(provider, config, model) {
+    // Use the same provider defaults as auth switch and hatch so verification
+    // cannot drift to stale provider/model pairings, and pass the checked
+    // credentials directly so daemon-side pings do not depend on --agent globals.
+    const resolvedModel = model ?? (0, provider_models_1.getDefaultModelForProvider)(provider);
+    switch (provider) {
+        case "anthropic":
+            return (0, anthropic_1.createAnthropicProviderRuntime)(resolvedModel, config);
+        case "azure":
+            return (0, azure_1.createAzureProviderRuntime)(resolvedModel, {
+                ...config,
+                apiVersion: config.apiVersion ?? DEFAULT_AZURE_API_VERSION,
+            });
+        case "minimax":
+            return (0, minimax_1.createMinimaxProviderRuntime)(resolvedModel, config);
+        case "openai-codex":
+            return (0, openai_codex_1.createOpenAICodexProviderRuntime)(resolvedModel, config);
+        case "github-copilot":
+            return (0, github_copilot_1.createGithubCopilotProviderRuntime)(resolvedModel, config);
+        /* v8 ignore next 2 -- exhaustive: all providers handled above @preserve */
+        default:
+            throw new Error(`unsupported provider for ping: ${provider}`);
+    }
+}
+async function pingProvider(provider, config, options = {}) {
+    if (hasEmptyCredentials(provider, config)) {
+        return { ok: false, classification: "auth-failure", message: "no credentials configured" };
+    }
+    let runtime;
+    try {
+        runtime = createRuntimeForPing(provider, config, options.model);
+        /* v8 ignore start -- factory creation failure: tested via individual provider init tests @preserve */
+    }
+    catch (error) {
+        return {
+            ok: false,
+            classification: "auth-failure",
+            message: error instanceof Error ? error.message : String(error),
+        };
+    }
+    /* v8 ignore stop */
+    const attempt = await (0, provider_attempt_1.runProviderAttempt)({
+        operation: "ping",
+        provider,
+        model: runtime.model,
+        classifyError: (error) => runtime.classifyError(error),
+        policy: {
+            maxAttempts: 3,
+            baseDelayMs: 0,
+            backoffMultiplier: 2,
+            ...options.attemptPolicy,
+        },
+        sleep: options.sleep,
+        run: async () => {
+            const controller = new AbortController();
+            /* v8 ignore next -- timeout callback: only fires after 10s, tests resolve faster @preserve */
+            const timeout = setTimeout(() => controller.abort(), PING_TIMEOUT_MS);
+            try {
+                // Minimal API call — no thinking, no reasoning, no tools.
+                if (provider === "anthropic") {
+                    // Use haiku for the ping — setup tokens may not have access to newer
+                    // models, but if haiku works, the credentials are valid.
+                    // Override the beta header to exclude thinking (which requires a
+                    // thinking param in the request body).
+                    const client = runtime.client;
+                    await client.messages.create(createChatPingRequest(ANTHROPIC_SETUP_PING_MODEL), { signal: controller.signal, headers: { "anthropic-beta": "claude-code-20250219,oauth-2025-04-20" } });
+                }
+                else if (provider === "openai-codex") {
+                    await runtime.streamTurn({
+                        messages: createPingMessages(),
+                        activeTools: [],
+                        callbacks: PING_CALLBACKS,
+                        signal: controller.signal,
+                        toolChoiceRequired: false,
+                    });
+                }
+                else {
+                    // OpenAI-compatible providers (azure, minimax, github-copilot)
+                    const client = runtime.client;
+                    await client.chat.completions.create(createChatPingRequest(runtime.model), { signal: controller.signal });
+                }
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        },
+    });
+    if (attempt.ok) {
+        return { ok: true, attempts: attempt.attempts };
+    }
+    (0, runtime_1.emitNervesEvent)({
+        component: "engine",
+        event: "engine.provider_ping_fail",
+        message: `provider ping failed: ${provider}`,
+        meta: { provider, classification: attempt.classification, error: attempt.error.message },
+    });
+    return {
+        ok: false,
+        classification: attempt.classification,
+        message: sanitizeErrorMessage(attempt.error.message),
+        attempts: attempt.attempts,
+    };
+}
+const PINGABLE_PROVIDERS = ["anthropic", "openai-codex", "azure", "minimax", "github-copilot"];
+async function runHealthInventory(agentName, currentProvider, deps = {}) {
+    /* v8 ignore next -- default: tests inject ping dep @preserve */
+    const ping = deps.ping ?? pingProvider;
+    const { secrets } = (0, auth_flow_1.loadAgentSecrets)(agentName);
+    const providers = PINGABLE_PROVIDERS.filter((p) => p !== currentProvider);
+    const results = await Promise.all(providers.map(async (provider) => {
+        const config = secrets.providers[provider];
+        const result = await ping(provider, config);
+        return [provider, result];
+    }));
+    const inventory = {};
+    for (const [provider, result] of results) {
+        inventory[provider] = result;
+    }
+    return inventory;
+}

package/dist/heart/provider-state.js

@@ -0,0 +1,208 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateProviderState = validateProviderState;
+exports.getProviderStatePath = getProviderStatePath;
+exports.readProviderState = readProviderState;
+exports.writeProviderState = writeProviderState;
+exports.bootstrapProviderStateFromAgentConfig = bootstrapProviderStateFromAgentConfig;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const runtime_1 = require("../nerves/runtime");
+const identity_1 = require("./identity");
+const LANES = ["outward", "inner"];
+const VALID_SOURCES = new Set(["bootstrap", "local"]);
+const VALID_READINESS = new Set(["ready", "failed", "stale", "unknown"]);
+function isProvider(value) {
+    return typeof value === "string" && Object.prototype.hasOwnProperty.call(identity_1.PROVIDER_CREDENTIALS, value);
+}
+function isNonEmptyString(value) {
+    return typeof value === "string" && value.trim().length > 0;
+}
+function validateBinding(value, label) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error(`${label} must be an object`);
+    }
+    const record = value;
+    if (!isProvider(record.provider))
+        throw new Error(`${label}.provider must be a valid provider`);
+    if (!isNonEmptyString(record.model))
+        throw new Error(`${label}.model must be a non-empty string`);
+    if (!VALID_SOURCES.has(record.source)) {
+        throw new Error(`${label}.source must be bootstrap or local`);
+    }
+    if (!isNonEmptyString(record.updatedAt))
+        throw new Error(`${label}.updatedAt must be a non-empty string`);
+    return {
+        provider: record.provider,
+        model: record.model,
+        source: record.source,
+        updatedAt: record.updatedAt,
+    };
+}
+function validateReadiness(value, label) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error(`${label} must be an object`);
+    }
+    const record = value;
+    if (!VALID_READINESS.has(record.status)) {
+        throw new Error(`${label}.status must be ready, failed, stale, or unknown`);
+    }
+    if (!isProvider(record.provider))
+        throw new Error(`${label}.provider must be a valid provider`);
+    if (!isNonEmptyString(record.model))
+        throw new Error(`${label}.model must be a non-empty string`);
+    if (record.checkedAt !== undefined && typeof record.checkedAt !== "string") {
+        throw new Error(`${label}.checkedAt must be a string when present`);
+    }
+    if (record.credentialRevision !== undefined && typeof record.credentialRevision !== "string") {
+        throw new Error(`${label}.credentialRevision must be a string when present`);
+    }
+    if (record.error !== undefined && typeof record.error !== "string") {
+        throw new Error(`${label}.error must be a string when present`);
+    }
+    if (record.attempts !== undefined && typeof record.attempts !== "number") {
+        throw new Error(`${label}.attempts must be a number when present`);
+    }
+    return {
+        status: record.status,
+        provider: record.provider,
+        model: record.model,
+        ...(record.checkedAt !== undefined ? { checkedAt: record.checkedAt } : {}),
+        ...(record.credentialRevision !== undefined ? { credentialRevision: record.credentialRevision } : {}),
+        ...(record.error !== undefined ? { error: record.error } : {}),
+        ...(record.attempts !== undefined ? { attempts: record.attempts } : {}),
+    };
+}
+function validateProviderState(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error("provider state must be an object");
+    }
+    const record = value;
+    if (record.schemaVersion !== 1)
+        throw new Error("schemaVersion must be 1");
+    if (!isNonEmptyString(record.machineId))
+        throw new Error("machineId must be a non-empty string");
+    if (!isNonEmptyString(record.updatedAt))
+        throw new Error("updatedAt must be a non-empty string");
+    if (!record.lanes || typeof record.lanes !== "object" || Array.isArray(record.lanes)) {
+        throw new Error("lanes must be an object");
+    }
+    const rawLanes = record.lanes;
+    const lanes = {
+        outward: validateBinding(rawLanes.outward, "outward"),
+        inner: validateBinding(rawLanes.inner, "inner"),
+    };
+    if (!record.readiness || typeof record.readiness !== "object" || Array.isArray(record.readiness)) {
+        throw new Error("readiness must be an object");
+    }
+    const rawReadiness = record.readiness;
+    const readiness = {};
+    for (const lane of LANES) {
+        if (rawReadiness[lane] !== undefined) {
+            readiness[lane] = validateReadiness(rawReadiness[lane], `${lane}.readiness`);
+        }
+    }
+    return {
+        schemaVersion: 1,
+        machineId: record.machineId,
+        updatedAt: record.updatedAt,
+        lanes,
+        readiness,
+    };
+}
+function getProviderStatePath(agentRoot) {
+    return path.join(agentRoot, "state", "providers.json");
+}
+function readProviderState(agentRoot) {
+    const statePath = getProviderStatePath(agentRoot);
+    let raw;
+    try {
+        raw = fs.readFileSync(statePath, "utf-8");
+    }
+    catch (error) {
+        const code = error.code;
+        if (code === "ENOENT") {
+            return { ok: false, reason: "missing", statePath, error: "provider state not found" };
+        }
+        return { ok: false, reason: "invalid", statePath, error: String(error) };
+    }
+    try {
+        const state = validateProviderState(JSON.parse(raw));
+        (0, runtime_1.emitNervesEvent)({
+            component: "config/identity",
+            event: "config.provider_state_read",
+            message: "read provider state",
+            meta: { statePath, machineId: state.machineId },
+        });
+        return { ok: true, statePath, state };
+    }
+    catch (error) {
+        return { ok: false, reason: "invalid", statePath, error: String(error) };
+    }
+}
+function writeProviderState(agentRoot, state) {
+    const statePath = getProviderStatePath(agentRoot);
+    const validated = validateProviderState(state);
+    fs.mkdirSync(path.dirname(statePath), { recursive: true });
+    fs.writeFileSync(statePath, `${JSON.stringify(validated, null, 2)}\n`, "utf-8");
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config.provider_state_written",
+        message: "wrote provider state",
+        meta: { statePath, machineId: validated.machineId },
+    });
+}
+function binding(provider, model, updatedAt) {
+    return {
+        provider,
+        model,
+        source: "bootstrap",
+        updatedAt,
+    };
+}
+function bootstrapProviderStateFromAgentConfig(input) {
+    const updatedAt = input.now.toISOString();
+    return {
+        schemaVersion: 1,
+        machineId: input.machineId,
+        updatedAt,
+        lanes: {
+            outward: binding(input.agentConfig.humanFacing.provider, input.agentConfig.humanFacing.model, updatedAt),
+            inner: binding(input.agentConfig.agentFacing.provider, input.agentConfig.agentFacing.model, updatedAt),
+        },
+        readiness: {},
+    };
+}