@pellux/goodvibes-tui 0.19.32 → 0.19.34

package/src/input/handler-onboarding-cloudflare.ts

@@ -0,0 +1,391 @@
+import {
+  CloudflareDaemonRouteError,
+  createCloudflareDaemonClient,
+  type CloudflareComponentSelection,
+  type CloudflareDaemonClient,
+  type CloudflareDiscoverResult,
+  type CloudflareOperationalTokenResult,
+  type CloudflareProvisionRequest,
+  type CloudflareProvisionResult,
+  type CloudflareTokenRequirementsResult,
+  type CloudflareValidateResult,
+  type CloudflareVerifyResult,
+} from '../runtime/cloudflare-control-plane.ts';
+import type { OnboardingVerificationItem } from '../runtime/onboarding/index.ts';
+import type { InputHandler } from './handler.ts';
+import type { OnboardingWizardAction, OnboardingWizardApplyFeedback } from './onboarding/onboarding-wizard.ts';
+import {
+  buildCloudflareApiTokenRef,
+  buildCloudflareProvisionRequest,
+  getCloudflareBatchMode,
+  getCloudflareComponentSelection,
+  getCloudflareSetupSource,
+  shouldShowCloudflareStep,
+} from './onboarding/onboarding-wizard-cloudflare.ts';
+
+type CloudflareOnboardingAction = Extract<OnboardingWizardAction,
+  | 'cloudflare-token-requirements'
+  | 'cloudflare-create-operational-token'
+  | 'cloudflare-discover'
+  | 'cloudflare-validate'
+  | 'cloudflare-provision'
+  | 'cloudflare-verify'
+  | 'cloudflare-disable'
+>;
+
+function getCloudflareDaemonClientForHandler(handler: InputHandler): CloudflareDaemonClient {
+  return createCloudflareDaemonClient({
+    configManager: handler.uiServices.platform.configManager,
+    homeDirectory: handler.uiServices.environment.homeDirectory,
+  });
+}
+
+function normalizeCloudflareActionError(error: unknown): string {
+  if (error instanceof CloudflareDaemonRouteError) {
+    return `${error.message} (HTTP ${error.status}, ${error.code})`;
+  }
+  return error instanceof Error ? error.message : String(error);
+}
+
+function setCloudflareWizardStatusForHandler(
+  handler: InputHandler,
+  title: string,
+  lines: readonly string[],
+  severity: OnboardingWizardApplyFeedback['severity'] = 'info',
+): void {
+  const message = [title, ...lines].filter((line) => line.length > 0).join('\n');
+  handler.onboardingWizard.textState.set('cloudflare.action-status', message);
+  handler.onboardingWizard.setApplyFeedback({
+    severity,
+    title,
+    summary: lines[0] ?? title,
+    messages: lines.length > 0 ? lines : [title],
+  });
+  const targetIndex = handler.onboardingWizard.steps.findIndex((step) => step.id === 'cloudflare');
+  if (targetIndex >= 0) handler.onboardingWizard.setStep(targetIndex);
+  handler.commandContext?.print?.(message);
+  handler.requestRender();
+}
+
+function formatCloudflareComponents(components: CloudflareComponentSelection): string {
+  const enabled = Object.entries(components)
+    .filter(([, selected]) => selected === true)
+    .map(([component]) => component);
+  return enabled.length > 0 ? enabled.join(', ') : 'none';
+}
+
+function formatCloudflareRequirements(result: CloudflareTokenRequirementsResult): string[] {
+  const permissionLines = result.permissions.length > 0
+    ? result.permissions.map((permission) => `  ${permission.scope}: ${permission.permission} (${permission.component}) - ${permission.reason}`)
+    : ['  No permissions returned for the selected components.'];
+  return [
+    `components: ${formatCloudflareComponents(result.components)}`,
+    'required permissions:',
+    ...permissionLines,
+    ...(result.bootstrapToken.instructions.length > 0
+      ? ['', 'bootstrap token instructions:', ...result.bootstrapToken.instructions.map((line) => `  ${line}`)]
+      : []),
+  ];
+}
+
+function formatCloudflareValidation(result: CloudflareValidateResult): string[] {
+  return [
+    `token: ${result.ok ? 'valid' : 'not valid'}`,
+    `source: ${result.tokenSource}`,
+    result.account
+      ? `account: ${result.account.name} (${result.account.id})`
+      : 'account: not resolved',
+  ];
+}
+
+function formatCloudflareDiscovery(result: CloudflareDiscoverResult): string[] {
+  return [
+    `token source: ${result.tokenSource}`,
+    `accounts: ${result.accounts.length}`,
+    `zones: ${result.zones.length}`,
+    `worker subdomain: ${result.workerSubdomain || 'not detected'}`,
+    `queues: ${result.queues?.length ?? 0}`,
+    `KV namespaces: ${result.kvNamespaces?.length ?? 0}`,
+    `R2 buckets: ${result.r2Buckets?.length ?? 0}`,
+    ...(result.selectedAccount ? [`selected account: ${result.selectedAccount.name} (${result.selectedAccount.id})`] : []),
+    ...(result.selectedZone ? [`selected zone: ${result.selectedZone.name} (${result.selectedZone.id})`] : []),
+    ...result.warnings.map((warning) => `warning: ${warning}`),
+  ];
+}
+
+function formatCloudflareTokenCreate(result: CloudflareOperationalTokenResult): string[] {
+  return [
+    `token: ${result.tokenName}${result.tokenId ? ` (${result.tokenId})` : ''}`,
+    `account: ${result.accountId}`,
+    `stored ref: ${result.apiTokenRef ?? 'not stored'}`,
+    `permissions: ${result.permissions.length}`,
+    'Delete or expire the temporary bootstrap token in Cloudflare after confirming the operational token works.',
+  ];
+}
+
+function formatCloudflareProvision(result: CloudflareProvisionResult): string[] {
+  return [
+    `result: ${result.ok ? 'ok' : 'needs attention'}`,
+    ...(result.worker ? [`worker: ${result.worker.name}${result.worker.baseUrl ? ` at ${result.worker.baseUrl}` : ''}`] : []),
+    ...(result.queues ? [`queue: ${result.queues.queueName}; DLQ: ${result.queues.deadLetterQueueName}`] : []),
+    ...result.steps.map((step) => `${step.status}: ${step.name}${step.message ? ` - ${step.message}` : ''}`),
+    ...(result.verification ? formatCloudflareVerify(result.verification).map((line) => `verify ${line}`) : []),
+  ];
+}
+
+function formatCloudflareVerify(result: CloudflareVerifyResult): string[] {
+  return [
+    `worker health: ${result.workerHealth.ok ? 'ok' : 'failed'} (HTTP ${result.workerHealth.status})${result.workerHealth.error ? ` - ${result.workerHealth.error}` : ''}`,
+    ...(result.daemonBatchProxy
+      ? [`daemon batch proxy: ${result.daemonBatchProxy.ok ? 'ok' : 'failed'} (HTTP ${result.daemonBatchProxy.status})${result.daemonBatchProxy.error ? ` - ${result.daemonBatchProxy.error}` : ''}`]
+      : []),
+  ];
+}
+
+function getCloudflareBootstrapTokenFromWizard(handler: InputHandler): string {
+  const wizard = handler.onboardingWizard;
+  const setupSource = getCloudflareSetupSource(wizard);
+  if (setupSource === 'bootstrap-token') {
+    return wizard.getStringFieldValue('cloudflare.bootstrap-token', '');
+  }
+  if (setupSource === 'bootstrap-env') {
+    const envName = wizard.getStringFieldValue('cloudflare.bootstrap-env-name', 'GOODVIBES_CLOUDFLARE_BOOTSTRAP_TOKEN');
+    return process.env[envName] ?? '';
+  }
+  return '';
+}
+
+function getCloudflareOperationalTokenFromWizard(handler: InputHandler): string {
+  const wizard = handler.onboardingWizard;
+  return getCloudflareSetupSource(wizard) === 'operational-token'
+    ? wizard.getStringFieldValue('cloudflare.operational-token', '')
+    : '';
+}
+
+function getCloudflareApiTokenRefFromWizard(handler: InputHandler): string {
+  const wizard = handler.onboardingWizard;
+  const setupSource = getCloudflareSetupSource(wizard);
+  if (setupSource === 'operational-env') {
+    return buildCloudflareApiTokenRef(wizard.getStringFieldValue('cloudflare.operational-env-name', 'CLOUDFLARE_API_TOKEN'));
+  }
+  return wizard.runtimeSnapshot?.config.cloudflare.apiTokenRef ?? '';
+}
+
+async function createCloudflareOperationalTokenForHandler(handler: InputHandler): Promise<CloudflareOperationalTokenResult> {
+  const wizard = handler.onboardingWizard;
+  const bootstrapToken = getCloudflareBootstrapTokenFromWizard(handler);
+  if (!bootstrapToken) {
+    throw new Error('A bootstrap token is required. Paste it in the wizard or select an environment variable that is set in this TUI process.');
+  }
+  const accountId = wizard.getStringFieldValue('cloudflare.account-id', wizard.runtimeSnapshot?.config.cloudflare.accountId ?? '');
+  const zoneId = wizard.getStringFieldValue('cloudflare.zone-id', wizard.runtimeSnapshot?.config.cloudflare.zoneId ?? '');
+  const zoneName = wizard.getStringFieldValue('cloudflare.zone-name', wizard.runtimeSnapshot?.config.cloudflare.zoneName ?? '');
+  return await getCloudflareDaemonClientForHandler(handler).createOperationalToken({
+    components: getCloudflareComponentSelection(wizard),
+    bootstrapToken,
+    ...(accountId ? { accountId } : {}),
+    ...(zoneId ? { zoneId } : {}),
+    ...(zoneName ? { zoneName } : {}),
+    storeApiToken: true,
+    persistConfig: true,
+  });
+}
+
+async function buildCloudflareProvisionInputForHandler(handler: InputHandler): Promise<CloudflareProvisionRequest> {
+  const input = buildCloudflareProvisionRequest(handler.onboardingWizard, { includeTransientSecrets: true });
+  const setupSource = getCloudflareSetupSource(handler.onboardingWizard);
+  if (setupSource === 'bootstrap-token' || setupSource === 'bootstrap-env') {
+    const tokenResult = await createCloudflareOperationalTokenForHandler(handler);
+    if (tokenResult.apiTokenRef) {
+      const withoutInlineToken = { ...input };
+      delete withoutInlineToken.apiToken;
+      return { ...withoutInlineToken, apiTokenRef: tokenResult.apiTokenRef };
+    }
+  }
+  return input;
+}
+
+function buildCloudflareDiscoveryInputForHandler(handler: InputHandler): Parameters<CloudflareDaemonClient['discover']>[0] {
+  const wizard = handler.onboardingWizard;
+  const accountId = wizard.getStringFieldValue('cloudflare.account-id', wizard.runtimeSnapshot?.config.cloudflare.accountId ?? '');
+  const zoneId = wizard.getStringFieldValue('cloudflare.zone-id', wizard.runtimeSnapshot?.config.cloudflare.zoneId ?? '');
+  const zoneName = wizard.getStringFieldValue('cloudflare.zone-name', wizard.runtimeSnapshot?.config.cloudflare.zoneName ?? '');
+  const bootstrapToken = getCloudflareBootstrapTokenFromWizard(handler);
+  const apiToken = getCloudflareOperationalTokenFromWizard(handler) || bootstrapToken;
+  const apiTokenRef = getCloudflareApiTokenRefFromWizard(handler);
+  return {
+    components: getCloudflareComponentSelection(wizard),
+    includeResources: true,
+    ...(accountId ? { accountId } : {}),
+    ...(zoneId ? { zoneId } : {}),
+    ...(zoneName ? { zoneName } : {}),
+    ...(apiToken ? { apiToken } : apiTokenRef ? { apiTokenRef } : {}),
+  };
+}
+
+function buildCloudflareValidateInputForHandler(handler: InputHandler): Parameters<CloudflareDaemonClient['validate']>[0] {
+  const wizard = handler.onboardingWizard;
+  const accountId = wizard.getStringFieldValue('cloudflare.account-id', wizard.runtimeSnapshot?.config.cloudflare.accountId ?? '');
+  const bootstrapToken = getCloudflareBootstrapTokenFromWizard(handler);
+  const apiToken = getCloudflareOperationalTokenFromWizard(handler) || bootstrapToken;
+  const apiTokenRef = getCloudflareApiTokenRefFromWizard(handler);
+  return {
+    ...(accountId ? { accountId } : {}),
+    ...(apiToken ? { apiToken } : apiTokenRef ? { apiTokenRef } : {}),
+  };
+}
+
+export async function handleCloudflareOnboardingActionForHandler(
+  handler: InputHandler,
+  action: CloudflareOnboardingAction,
+): Promise<void> {
+  if (handler.onboardingApplyPending) return;
+  handler.onboardingApplyPending = true;
+  handler.onboardingWizard.clearApplyFeedback();
+  handler.requestRender();
+  try {
+    const client = getCloudflareDaemonClientForHandler(handler);
+    if (action === 'cloudflare-token-requirements') {
+      const result = await client.tokenRequirements({
+        components: getCloudflareComponentSelection(handler.onboardingWizard),
+        includeBootstrap: true,
+      });
+      setCloudflareWizardStatusForHandler(handler, 'Cloudflare token requirements', formatCloudflareRequirements(result));
+      return;
+    }
+
+    if (action === 'cloudflare-create-operational-token') {
+      const result = await createCloudflareOperationalTokenForHandler(handler);
+      setCloudflareWizardStatusForHandler(handler, 'Cloudflare operational token created', formatCloudflareTokenCreate(result));
+      await handler.refreshOnboardingHydration({ preserveValues: true, targetStepId: 'cloudflare' });
+      return;
+    }
+
+    if (action === 'cloudflare-discover') {
+      const result = await client.discover(buildCloudflareDiscoveryInputForHandler(handler));
+      if (result.selectedAccount && !handler.onboardingWizard.getStringFieldValue('cloudflare.account-id', '')) {
+        handler.onboardingWizard.setFieldValue('cloudflare.account-id', result.selectedAccount.id);
+      } else if (result.accounts.length === 1 && !handler.onboardingWizard.getStringFieldValue('cloudflare.account-id', '')) {
+        handler.onboardingWizard.setFieldValue('cloudflare.account-id', result.accounts[0]!.id);
+      }
+      if (result.selectedZone && !handler.onboardingWizard.getStringFieldValue('cloudflare.zone-id', '')) {
+        handler.onboardingWizard.setFieldValue('cloudflare.zone-id', result.selectedZone.id);
+        handler.onboardingWizard.setFieldValue('cloudflare.zone-name', result.selectedZone.name);
+      } else if (result.zones.length === 1 && !handler.onboardingWizard.getStringFieldValue('cloudflare.zone-id', '')) {
+        handler.onboardingWizard.setFieldValue('cloudflare.zone-id', result.zones[0]!.id);
+        handler.onboardingWizard.setFieldValue('cloudflare.zone-name', result.zones[0]!.name);
+      }
+      if (result.workerSubdomain && !handler.onboardingWizard.getStringFieldValue('cloudflare.worker-subdomain', '')) {
+        handler.onboardingWizard.setFieldValue('cloudflare.worker-subdomain', result.workerSubdomain);
+      }
+      setCloudflareWizardStatusForHandler(handler, 'Cloudflare discovery completed', formatCloudflareDiscovery(result));
+      return;
+    }
+
+    if (action === 'cloudflare-validate') {
+      const result = await client.validate(buildCloudflareValidateInputForHandler(handler));
+      setCloudflareWizardStatusForHandler(
+        handler,
+        result.ok ? 'Cloudflare token validated' : 'Cloudflare token validation needs attention',
+        formatCloudflareValidation(result),
+        result.ok ? 'info' : 'warning',
+      );
+      return;
+    }
+
+    if (action === 'cloudflare-provision') {
+      const input = await buildCloudflareProvisionInputForHandler(handler);
+      const result = await client.provision(input);
+      setCloudflareWizardStatusForHandler(
+        handler,
+        result.ok ? 'Cloudflare provisioning completed' : 'Cloudflare provisioning needs attention',
+        formatCloudflareProvision(result),
+        result.ok ? 'info' : 'warning',
+      );
+      await handler.refreshOnboardingHydration({ preserveValues: true, targetStepId: 'cloudflare' });
+      return;
+    }
+
+    if (action === 'cloudflare-verify') {
+      const result = await client.verify({
+        workerBaseUrl: handler.onboardingWizard.getStringFieldValue('cloudflare.worker-base-url', handler.onboardingWizard.runtimeSnapshot?.config.cloudflare.workerBaseUrl ?? ''),
+        workerClientTokenRef: handler.onboardingWizard.runtimeSnapshot?.config.cloudflare.workerClientTokenRef ?? '',
+      });
+      setCloudflareWizardStatusForHandler(
+        handler,
+        result.ok ? 'Cloudflare Worker verified' : 'Cloudflare Worker verification needs attention',
+        formatCloudflareVerify(result),
+        result.ok ? 'info' : 'warning',
+      );
+      return;
+    }
+
+    if (action === 'cloudflare-disable') {
+      const result = await client.disable({
+        accountId: handler.onboardingWizard.getStringFieldValue('cloudflare.account-id', handler.onboardingWizard.runtimeSnapshot?.config.cloudflare.accountId ?? ''),
+        apiTokenRef: getCloudflareApiTokenRefFromWizard(handler),
+        workerName: handler.onboardingWizard.getStringFieldValue('cloudflare.worker-name', handler.onboardingWizard.runtimeSnapshot?.config.cloudflare.workerName ?? 'goodvibes-batch-worker'),
+        persistConfig: true,
+      });
+      setCloudflareWizardStatusForHandler(
+        handler,
+        result.ok ? 'Cloudflare integration disabled' : 'Cloudflare disable needs attention',
+        result.steps.map((step) => `${step.status}: ${step.name}${step.message ? ` - ${step.message}` : ''}`),
+        result.ok ? 'info' : 'warning',
+      );
+      await handler.refreshOnboardingHydration({ preserveValues: true, targetStepId: 'cloudflare' });
+    }
+  } catch (error) {
+    setCloudflareWizardStatusForHandler(handler, 'Cloudflare action failed', [normalizeCloudflareActionError(error)], 'error');
+  } finally {
+    handler.onboardingApplyPending = false;
+    handler.requestRender();
+  }
+}
+
+export async function maybeProvisionCloudflareOnFinalApplyForHandler(handler: InputHandler): Promise<readonly OnboardingVerificationItem[]> {
+  const wizard = handler.onboardingWizard;
+  if (!shouldShowCloudflareStep(wizard)) return [];
+  const cloudflareEnabled = wizard.getBooleanFieldValue('cloudflare.enabled', wizard.isCapabilitySelected('cloudflare-batch') || wizard.runtimeSnapshot?.config.cloudflare.enabled === true);
+  if (!cloudflareEnabled) {
+    return [{
+      id: 'cloudflare:disabled',
+      status: 'pass',
+      message: 'Cloudflare integration is disabled; local daemon behavior remains active.',
+      target: 'cloudflare',
+    }];
+  }
+  const provisionOnApply = wizard.getStringFieldValue('cloudflare.provision-on-apply', 'no') === 'yes';
+  if (!provisionOnApply) {
+    return [{
+      id: 'cloudflare:configuration-saved',
+      status: 'pass',
+      message: `Cloudflare settings were saved. Batch mode is ${getCloudflareBatchMode(wizard)}; provisioning was not requested on final apply.`,
+      target: 'cloudflare',
+    }];
+  }
+
+  try {
+    const client = getCloudflareDaemonClientForHandler(handler);
+    const result = await client.provision(await buildCloudflareProvisionInputForHandler(handler));
+    handler.onboardingWizard.textState.set('cloudflare.action-status', [
+      result.ok ? 'Cloudflare provisioning completed during final apply.' : 'Cloudflare provisioning needs attention after final apply.',
+      ...formatCloudflareProvision(result),
+    ].join('\n'));
+    return [{
+      id: 'cloudflare:provision',
+      status: result.ok ? 'pass' : 'warn',
+      message: result.ok
+        ? 'Cloudflare resources were provisioned and verified through the daemon SDK route.'
+        : 'Cloudflare provisioning returned warnings or failed verification. Settings were saved; rerun the Cloudflare wizard action after correcting token/resource issues.',
+      target: 'cloudflare',
+    }];
+  } catch (error) {
+    return [{
+      id: 'cloudflare:provision',
+      status: 'warn',
+      message: `Cloudflare provisioning did not complete: ${normalizeCloudflareActionError(error)} Settings were saved; retry from the Cloudflare wizard or /cloudflare command.`,
+      target: 'cloudflare',
+    }];
+  }
+}

package/src/input/handler-onboarding.ts

@@ -3,6 +3,7 @@ import { beginOpenAICodexLogin, exchangeOpenAICodexCode } from '@pellux/goodvibe
 import { openExternalUrl } from '@pellux/goodvibes-sdk/platform/utils/open-external';
 import { buildProviderAccountSnapshot } from '@pellux/goodvibes-sdk/platform/runtime/provider-accounts/registry';
 import { OnboardingWizardController, type OnboardingWizardAction, type OnboardingWizardApplyFeedback } from './onboarding/onboarding-wizard.ts';
+import { handleCloudflareOnboardingActionForHandler, maybeProvisionCloudflareOnFinalApplyForHandler } from './handler-onboarding-cloudflare.ts';
 import { applyOnboardingRequest, collectOnboardingSnapshot, verifyOnboardingRequest } from '../runtime/onboarding/index.ts';
 import type { OnboardingApplyRequest, OnboardingVerificationItem } from '../runtime/onboarding/index.ts';
 import type { ModelPickerTarget } from './model-picker.ts';
@@ -186,6 +187,24 @@ export function openModelPickerWithTargetForHandler(
     return true;
   }
 
+export function openProviderModelPickerWithTargetForHandler(
+  handler: InputHandler,
+    target: ModelPickerTarget,
+    source: 'settings' | 'onboarding' = 'settings',
+  ): boolean {
+    const openProviderPicker = handler.commandContext?.openProviderPicker;
+    if (!openProviderPicker) return false;
+    if (source === 'onboarding' && handler.onboardingWizard.active) {
+      handler.onboardingModelPickerCancelSnapshot = captureOnboardingWizardSnapshot(handler.onboardingWizard);
+    } else {
+      handler.clearOnboardingModelPickerCancelState();
+    }
+    handler.clearOnboardingPendingModelPickerTarget();
+    handler.modelPicker.target = target;
+    openProviderPicker();
+    return true;
+  }
+
 export function handleModelPickerCommitForHandler(handler: InputHandler): boolean {
     if (handler.onboardingModelPickerCancelSnapshot && handler.onboardingWizard.active) {
       const selected = handler.modelPicker.mode === 'effort'
@@ -227,6 +246,18 @@ export async function handleOnboardingActionForHandler(handler: InputHandler, ac
       continueOnboardingSection(handler);
       return;
     }
+    if (action.startsWith('cloudflare-')) {
+      await handleCloudflareOnboardingActionForHandler(handler, action as Extract<OnboardingWizardAction,
+        | 'cloudflare-token-requirements'
+        | 'cloudflare-create-operational-token'
+        | 'cloudflare-discover'
+        | 'cloudflare-validate'
+        | 'cloudflare-provision'
+        | 'cloudflare-verify'
+        | 'cloudflare-disable'
+      >);
+      return;
+    }
     if (action !== 'apply') return;
     if (handler.onboardingApplyPending) return;
     const blockers = handler.onboardingWizard.getBlockingFieldLabels();
@@ -272,6 +303,8 @@ export async function handleOnboardingActionForHandler(handler: InputHandler, ac
             ? { ...item, status: 'warn' }
             : item));
         verificationItems = dedupeOnboardingVerificationItems([...verificationItems, ...runtimeWarnings]);
+        const cloudflareItems = await maybeProvisionCloudflareOnFinalApplyForHandler(handler);
+        verificationItems = dedupeOnboardingVerificationItems([...verificationItems, ...cloudflareItems]);
       }
     } catch (error) {
       showOnboardingApplyFeedbackForHandler(handler, {

package/src/input/handler-picker-routes.ts

@@ -55,7 +55,7 @@ export function handleModelPickerToken(state: ModelPickerRouteState, token: Inpu
         const selected = state.modelPicker.getSelected();
         if (selected) {
           const currentEffort = state.commandContext?.session.runtime.reasoningEffort ?? 'medium';
-          if (selected.reasoningEffort && selected.reasoningEffort.length > 0) {
+          if (state.modelPicker.target === 'main' && selected.reasoningEffort && selected.reasoningEffort.length > 0) {
             state.modelPicker.showEffortPicker(selected, currentEffort);
           } else {
             const target = state.modelPicker.target;

package/src/input/handler.ts

@@ -3,7 +3,7 @@ import { dirname } from 'node:path';
 import { InputTokenizer } from '@pellux/goodvibes-sdk/platform/core/tokenizer';
 import { createOAuthLocalListener } from '@pellux/goodvibes-sdk/platform/config/oauth-local-listener';
 import { clearModalStackForHandler, cleanupMarkerRegistryForHandler, executeBlockActionForHandler, expandPromptForHandler, findMarkerAtPosForHandler, getImageAttachmentsForHandler, handleBlockCopyForHandler, handleBlockRerunForHandler, handleBlockSaveForHandler, handleBlockToggleForHandler, handleBookmarkForHandler, handleCopyForHandler, handleCtrlCForHandler, handleDiffApplyForHandler, handleEscapeForHandler, hydrateOnboardingWizardFromRuntimeForHandler, modalOpenedForHandler, openOnboardingWizardForHandler, registerPasteForHandler } from './handler-interactions.ts';
-import { clearOnboardingModelPickerCancelStateForHandler, clearOnboardingPendingModelPickerTargetForHandler, completeOpenAiSubscriptionFromListenerForHandler, getOnboardingConfigValueForHandler, getOnboardingRuntimePostureForHandler, handleModelPickerCommitForHandler, handleOnboardingActionForHandler, handleOpenAiSubscriptionFinishForHandler, handleOpenAiSubscriptionStartForHandler, openModelPickerWithTargetForHandler, refreshOnboardingHydrationForHandler, restartOnboardingExternalServicesIfNeededForHandler, restoreOnboardingModelPickerCancelStateForHandler, syncRuntimeFromOnboardingRequestForHandler, verifyOnboardingRuntimePostureForHandler, type OnboardingRuntimePosture } from './handler-onboarding.ts';
+import { clearOnboardingModelPickerCancelStateForHandler, clearOnboardingPendingModelPickerTargetForHandler, completeOpenAiSubscriptionFromListenerForHandler, getOnboardingConfigValueForHandler, getOnboardingRuntimePostureForHandler, handleModelPickerCommitForHandler, handleOnboardingActionForHandler, handleOpenAiSubscriptionFinishForHandler, handleOpenAiSubscriptionStartForHandler, openModelPickerWithTargetForHandler, openProviderModelPickerWithTargetForHandler, refreshOnboardingHydrationForHandler, restartOnboardingExternalServicesIfNeededForHandler, restoreOnboardingModelPickerCancelStateForHandler, syncRuntimeFromOnboardingRequestForHandler, verifyOnboardingRuntimePostureForHandler, type OnboardingRuntimePosture } from './handler-onboarding.ts';
 import { beginOpenAICodexLogin, exchangeOpenAICodexCode } from '@pellux/goodvibes-sdk/platform/config/openai-codex-auth';
 import { openExternalUrl } from '@pellux/goodvibes-sdk/platform/utils/open-external';
 import { buildProviderAccountSnapshot } from '@pellux/goodvibes-sdk/platform/runtime/provider-accounts/registry';
@@ -325,6 +325,8 @@ export class InputHandler {
         expandPrompt: (text: string) => this.expandPrompt(text),
         openModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') =>
           this.openModelPickerWithTarget(target, source),
+        openProviderModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') =>
+          this.openProviderModelPickerWithTarget(target, source),
         onModelPickerCommit: () => this.handleModelPickerCommit(),
         onOnboardingAction: (action: OnboardingWizardAction) => { void this.handleOnboardingAction(action); },
       },
@@ -404,6 +406,7 @@ export class InputHandler {
   public clearOnboardingModelPickerCancelState(): void { clearOnboardingModelPickerCancelStateForHandler(this); }
   public restoreOnboardingModelPickerCancelState(): void { restoreOnboardingModelPickerCancelStateForHandler(this); }
   public openModelPickerWithTarget(target: ModelPickerTarget, source: 'settings' | 'onboarding' = 'settings'): boolean { return openModelPickerWithTargetForHandler(this, target, source); }
+  public openProviderModelPickerWithTarget(target: ModelPickerTarget, source: 'settings' | 'onboarding' = 'settings'): boolean { return openProviderModelPickerWithTargetForHandler(this, target, source); }
   public handleModelPickerCommit(): boolean { return handleModelPickerCommitForHandler(this); }
   public async handleOnboardingAction(action: OnboardingWizardAction): Promise<void> { await handleOnboardingActionForHandler(this, action); }
   public async refreshOnboardingHydration(options: { readonly preserveValues?: boolean; readonly targetStepId?: string } = {}): Promise<void> { await refreshOnboardingHydrationForHandler(this, options); }

package/src/input/model-picker-types.ts

@@ -0,0 +1,125 @@
+import type { ModelDefinition } from '@pellux/goodvibes-sdk/platform/providers/registry';
+
+export type PickerMode = 'model' | 'provider' | 'effort' | 'contextCap';
+
+/**
+ * Which config keys the model picker writes to on commit.
+ * 'main'   -> provider.provider + provider.model (default)
+ * 'helper' -> helper.globalProvider + helper.globalModel (+ helper.enabled: true)
+ * 'tool'   -> tools.llmProvider + tools.llmModel (+ tools.llmEnabled: true)
+ * 'tts'    -> tts.llmProvider + tts.llmModel
+ */
+export type ModelPickerTarget = 'main' | 'helper' | 'tool' | 'tts';
+
+/**
+ * Pricing tier filter.
+ * 'paid' matches ModelDefinition tiers 'standard' and 'premium' for forward-compat
+ * with future CatalogModel tiers ('free' | 'paid' | 'subscription').
+ */
+export type CategoryFilter = 'all' | 'free' | 'paid' | 'subscription';
+
+export type ModelFamily =
+  | 'GPT'
+  | 'Claude'
+  | 'Gemini'
+  | 'Llama'
+  | 'Qwen'
+  | 'GLM'
+  | 'MiniMax'
+  | 'DeepSeek'
+  | 'Mistral'
+  | 'Command'
+  | 'Grok'
+  | 'Kimi'
+  | 'Other';
+
+export type CapabilityFilter = 'reasoning' | 'toolUse' | 'multimodal' | 'none';
+export type BenchmarkSort = 'none' | 'composite' | 'swe' | 'gpqa';
+export type GroupByMode = 'provider' | 'family' | 'pricingTier' | 'qualityTier';
+
+const FAMILY_PATTERNS: Array<{ pattern: RegExp; family: ModelFamily }> = [
+  { pattern: /claude/i,          family: 'Claude' },
+  { pattern: /gpt|\bo1\b|\bo3\b|\bo4\b/i, family: 'GPT' },
+  { pattern: /gemini/i,          family: 'Gemini' },
+  { pattern: /llama/i,           family: 'Llama' },
+  { pattern: /qwen/i,            family: 'Qwen' },
+  { pattern: /glm|chatglm/i,     family: 'GLM' },
+  { pattern: /minimax|abab/i,    family: 'MiniMax' },
+  { pattern: /deepseek/i,        family: 'DeepSeek' },
+  { pattern: /mistral|mixtral/i, family: 'Mistral' },
+  { pattern: /command|cohere/i,  family: 'Command' },
+  { pattern: /grok/i,            family: 'Grok' },
+  { pattern: /kimi|moonshot/i,   family: 'Kimi' },
+];
+
+export function detectFamily(model: ModelDefinition): ModelFamily {
+  const haystack = `${model.id} ${model.displayName}`;
+  for (const { pattern, family } of FAMILY_PATTERNS) {
+    if (pattern.test(haystack)) return family;
+  }
+  return 'Other';
+}
+
+export function tierToCategoryFilter(tier: string | undefined): CategoryFilter {
+  if (tier === 'free') return 'free';
+  if (tier === 'subscription') return 'subscription';
+  return 'paid';
+}
+
+export interface PickerItem {
+  id: string;
+  label: string;
+  detail?: string;
+  isGroupHeader?: boolean;
+  qualityTier?: string;
+  isPinned?: boolean;
+  isFree?: boolean;
+  isConfigured?: boolean;
+  configuredVia?: 'env' | 'secrets' | 'subscription' | 'anonymous';
+}
+
+export const POPULAR_PROVIDERS: ReadonlySet<string> = new Set([
+  'anthropic',
+  'google',
+  'groq',
+  'mistral',
+  'nvidia',
+  'ollama',
+  'openai',
+  'openrouter',
+  'synthetic',
+]);
+
+export interface FilteredModelsCache {
+  readonly modelsRef: ModelDefinition[];
+  readonly configuredProvidersKey: string;
+  readonly pinnedIdsKey: string;
+  readonly recentIdsKey: string;
+  readonly query: string;
+  readonly categoryFilter: CategoryFilter;
+  readonly capabilityFilter: CapabilityFilter;
+  readonly availableOnly: boolean;
+  readonly benchmarkSort: BenchmarkSort;
+  readonly groupBy: GroupByMode;
+  readonly result: ModelDefinition[];
+}
+
+export interface FilteredProvidersCache {
+  readonly providersRef: string[];
+  readonly query: string;
+  readonly result: string[];
+}
+
+export interface ModelItemsCache {
+  readonly filteredModelsRef: ModelDefinition[];
+  readonly pinnedIdsKey: string;
+  readonly groupBy: GroupByMode;
+  readonly result: PickerItem[];
+}
+
+export interface ProviderItemsCache {
+  readonly filteredProvidersRef: string[];
+  readonly configuredProvidersKey: string;
+  readonly configuredViaKey: string;
+  readonly result: PickerItem[];
+}