@pellux/goodvibes-tui 0.19.33 → 0.19.35

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pellux/goodvibes-tui",
-  "version": "0.19.33",
+  "version": "0.19.35",
   "description": "Terminal-native GoodVibes product for coding, operations, automation, knowledge, channels, and daemon-backed control-plane workflows.",
   "type": "module",
   "main": "src/main.ts",
@@ -91,7 +91,7 @@
     "@anthropic-ai/vertex-sdk": "^0.16.0",
     "@ast-grep/napi": "^0.42.0",
     "@aws/bedrock-token-generator": "^1.1.0",
-    "@pellux/goodvibes-sdk": "0.25.8",
+    "@pellux/goodvibes-sdk": "0.25.11",
     "bash-language-server": "^5.6.0",
     "fuse.js": "^7.1.0",
     "graphql": "^16.13.2",

package/src/cli/management.ts

@@ -601,7 +601,7 @@ async function renderAuth(runtime: CliCommandRuntime): Promise<string> {
     }
     if (sub === 'revoke-session') {
       const token = rest[0];
-      if (!token) return 'Usage: goodvibes auth revoke-session <token>';
+      if (!token) return 'Usage: goodvibes auth revoke-session <token-or-fingerprint>';
       return services.localUserAuthManager.revokeSession(token)
         ? 'Auth session revoked.'
         : 'No auth session found.';
@@ -637,7 +637,7 @@ async function renderAuth(runtime: CliCommandRuntime): Promise<string> {
     if (sub === 'sessions') {
       return formatJsonOrText(runtime.cli)(snapshot.sessions, [
         `GoodVibes auth sessions (${snapshot.sessions.length})`,
-        ...snapshot.sessions.map((session) => `  ${session.username} expires=${new Date(session.expiresAt).toISOString()} token=${session.token.slice(0, 8)}...`),
+        ...snapshot.sessions.map((session) => `  ${session.username} expires=${new Date(session.expiresAt).toISOString()} fingerprint=${session.tokenFingerprint}`),
       ].join('\n'));
     }
     return formatJsonOrText(runtime.cli)(value, [

package/src/input/command-registry.ts

@@ -80,6 +80,7 @@ export interface CommandShellUiOpeners {
   openOnboardingWizard?: (modeOrOptions?: OnboardingWizardMode | OpenOnboardingWizardOptions) => void;
   openModelPicker?: () => void;
   openModelPickerWithTarget?: (target: import('./model-picker.ts').ModelPickerTarget) => boolean;
+  openProviderModelPickerWithTarget?: (target: import('./model-picker.ts').ModelPickerTarget) => boolean;
   openProviderPicker?: () => void;
   openContextInspector?: () => void;
   openBookmarkModal?: () => void;

package/src/input/commands/cloudflare-runtime.ts

@@ -0,0 +1,370 @@
+import {
+  CLOUDFLARE_COMPONENT_IDS,
+  CLOUDFLARE_COMPONENT_LABELS,
+  DEFAULT_CLOUDFLARE_COMPONENT_SELECTION,
+  CloudflareDaemonRouteError,
+  createCloudflareDaemonClient,
+  type CloudflareComponent,
+  type CloudflareComponentSelection,
+  type CloudflareDaemonClient,
+  type CloudflareProvisionStep,
+} from '../../runtime/cloudflare-control-plane.ts';
+import type { CommandContext, CommandRegistry } from '../command-registry.ts';
+import { requireShellPaths } from './runtime-services.ts';
+
+interface ParsedCloudflareArgs {
+  readonly positional: readonly string[];
+  readonly flags: ReadonlyMap<string, readonly string[]>;
+}
+
+export function registerCloudflareRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'cloudflare',
+    aliases: ['cf'],
+    description: 'Inspect and manage optional Cloudflare batch/control-plane integration through daemon SDK routes',
+    usage: '[status|setup|requirements|create-token|discover|validate|provision|verify|disable] [flags]',
+    async handler(args, ctx) {
+      const subcommand = (args[0] ?? 'status').toLowerCase();
+      const parsed = parseCloudflareArgs(args.slice(1));
+      if (subcommand === 'setup' || subcommand === 'onboarding') {
+        ctx.openOnboardingWizard?.({ mode: 'edit', reset: true });
+        ctx.print('Opening onboarding wizard. Select the Cloudflare batch capability to configure Cloudflare.');
+        return;
+      }
+
+      let client: CloudflareDaemonClient;
+      try {
+        client = createCloudflareClient(ctx);
+      } catch (error) {
+        ctx.print(`Cloudflare command unavailable: ${formatCloudflareError(error)}`);
+        return;
+      }
+
+      try {
+        if (subcommand === 'status' || subcommand === 'show') {
+          const status = await client.status();
+          ctx.print([
+            'Cloudflare Status',
+            `  enabled: ${status.enabled ? 'yes' : 'no'}`,
+            `  ready: ${status.ready ? 'yes' : 'no'}`,
+            `  account: ${status.config.accountId || '(not set)'}`,
+            `  token ref: ${status.config.apiTokenRef || '(CLOUDFLARE_API_TOKEN fallback)'}`,
+            `  worker: ${status.config.workerName || '(not set)'}`,
+            `  worker URL: ${status.config.workerBaseUrl || '(not set)'}`,
+            `  queue: ${status.config.queueName || '(not set)'}`,
+            `  DLQ: ${status.config.deadLetterQueueName || '(not set)'}`,
+            `  tunnel: ${status.config.tunnelName || '(not set)'} ${status.config.tunnelId ? `(${status.config.tunnelId})` : ''}`.trimEnd(),
+            `  access app: ${status.config.accessAppId || '(not set)'}`,
+            `  batch mode: ${String(ctx.platform.configManager.get('batch.mode') ?? 'off')}`,
+            `  queue backend: ${String(ctx.platform.configManager.get('batch.queueBackend') ?? 'local')}`,
+            ...status.warnings.map((warning) => `  warning: ${warning}`),
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'requirements') {
+          const result = await client.tokenRequirements({
+            components: componentsFromArgs(parsed),
+            includeBootstrap: true,
+          });
+          ctx.print([
+            'Cloudflare Token Requirements',
+            `  components: ${formatComponents(result.components)}`,
+            '  permissions:',
+            ...result.permissions.map((permission) => `    ${permission.scope}: ${permission.permission} (${permission.component}) - ${permission.reason}`),
+            ...(result.bootstrapToken.instructions.length > 0
+              ? ['  bootstrap token:', ...result.bootstrapToken.instructions.map((line) => `    ${line}`)]
+              : []),
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'create-token') {
+          const bootstrapToken = getFlag(parsed, 'bootstrap-token') || readTokenEnv(parsed, 'bootstrap-env');
+          if (!bootstrapToken) {
+            ctx.print('Usage: /cloudflare create-token --account <account-id> --bootstrap-token <token> or --bootstrap-env <env-name>');
+            return;
+          }
+          const result = await client.createOperationalToken({
+            components: componentsFromArgs(parsed),
+            ...optionalString('accountId', getFlag(parsed, 'account') || getFlag(parsed, 'account-id')),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            bootstrapToken,
+            storeApiToken: true,
+            persistConfig: true,
+          });
+          ctx.print([
+            'Cloudflare Operational Token Created',
+            `  token: ${result.tokenName}${result.tokenId ? ` (${result.tokenId})` : ''}`,
+            `  account: ${result.accountId}`,
+            `  zone: ${result.zoneId || '(none)'}`,
+            `  stored ref: ${result.apiTokenRef ?? '(not stored)'}`,
+            '  revoke or expire the temporary bootstrap token after validation.',
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'discover') {
+          const result = await client.discover({
+            ...cloudflareAuthInput(parsed),
+            components: componentsFromArgs(parsed),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            includeResources: !hasFlag(parsed, 'fast'),
+          });
+          ctx.print([
+            'Cloudflare Discovery',
+            `  token source: ${result.tokenSource}`,
+            `  accounts: ${result.accounts.length}`,
+            ...result.accounts.slice(0, 12).map((account) => `    account ${account.id}: ${account.name}`),
+            `  zones: ${result.zones.length}`,
+            ...result.zones.slice(0, 12).map((zone) => `    zone ${zone.id}: ${zone.name}${zone.status ? ` (${zone.status})` : ''}`),
+            `  worker subdomain: ${result.workerSubdomain || '(not detected)'}`,
+            `  queues: ${result.queues?.length ?? 0}`,
+            `  KV namespaces: ${result.kvNamespaces?.length ?? 0}`,
+            `  R2 buckets: ${result.r2Buckets?.length ?? 0}`,
+            ...result.warnings.map((warning) => `  warning: ${warning}`),
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'validate') {
+          const result = await client.validate(cloudflareAuthInput(parsed));
+          ctx.print([
+            'Cloudflare Token Validation',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            `  token source: ${result.tokenSource}`,
+            result.account ? `  account: ${result.account.name} (${result.account.id})` : '  account: not resolved',
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'provision') {
+          const result = await client.provision({
+            ...cloudflareAuthInput(parsed),
+            components: componentsFromArgs(parsed),
+            ...optionalString('accountId', getFlag(parsed, 'account') || getFlag(parsed, 'account-id')),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            ...optionalString('daemonBaseUrl', getFlag(parsed, 'daemon-url')),
+            ...optionalString('daemonHostname', getFlag(parsed, 'daemon-hostname')),
+            ...optionalString('workerName', getFlag(parsed, 'worker-name')),
+            ...optionalString('workerSubdomain', getFlag(parsed, 'worker-subdomain')),
+            ...optionalString('workerHostname', getFlag(parsed, 'worker-hostname')),
+            ...optionalString('workerBaseUrl', getFlag(parsed, 'worker-url')),
+            ...optionalString('queueName', getFlag(parsed, 'queue') || getFlag(parsed, 'queue-name')),
+            ...optionalString('deadLetterQueueName', getFlag(parsed, 'dlq') || getFlag(parsed, 'dead-letter-queue')),
+            ...optionalString('tunnelName', getFlag(parsed, 'tunnel-name')),
+            ...optionalString('tunnelId', getFlag(parsed, 'tunnel-id')),
+            ...optionalString('tunnelServiceUrl', getFlag(parsed, 'tunnel-service-url')),
+            ...optionalString('tunnelTokenRef', getFlag(parsed, 'tunnel-token-ref')),
+            ...optionalString('accessAppId', getFlag(parsed, 'access-app-id')),
+            ...optionalString('accessServiceTokenId', getFlag(parsed, 'access-service-token-id')),
+            ...optionalString('accessServiceTokenRef', getFlag(parsed, 'access-service-token-ref')),
+            ...optionalString('kvNamespaceName', getFlag(parsed, 'kv-namespace-name')),
+            ...optionalString('kvNamespaceId', getFlag(parsed, 'kv-namespace-id')),
+            ...optionalString('durableObjectNamespaceName', getFlag(parsed, 'do-namespace-name') || getFlag(parsed, 'durable-object-namespace-name')),
+            ...optionalString('durableObjectNamespaceId', getFlag(parsed, 'do-namespace-id') || getFlag(parsed, 'durable-object-namespace-id')),
+            ...optionalString('r2BucketName', getFlag(parsed, 'r2-bucket-name')),
+            ...optionalString('secretsStoreName', getFlag(parsed, 'secrets-store-name')),
+            ...optionalString('secretsStoreId', getFlag(parsed, 'secrets-store-id')),
+            ...optionalString('workerCron', getFlag(parsed, 'worker-cron')),
+            ...optionalString('operatorToken', getFlag(parsed, 'operator-token')),
+            ...optionalString('operatorTokenRef', getFlag(parsed, 'operator-token-ref')),
+            ...optionalString('workerClientToken', getFlag(parsed, 'worker-client-token')),
+            ...optionalString('workerClientTokenRef', getFlag(parsed, 'worker-client-token-ref')),
+            ...optionalBatchMode(readBatchMode(parsed)),
+            persistConfig: true,
+            verify: !hasFlag(parsed, 'no-verify'),
+            storeApiToken: !hasFlag(parsed, 'no-store-token'),
+            enableWorkersDev: !hasFlag(parsed, 'no-workers-dev'),
+          });
+          ctx.print([
+            'Cloudflare Provisioning',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            ...(result.worker ? [`  worker: ${result.worker.name}${result.worker.baseUrl ? ` at ${result.worker.baseUrl}` : ''}`] : []),
+            ...(result.queues ? [`  queues: ${result.queues.queueName}; DLQ ${result.queues.deadLetterQueueName}`] : []),
+            ...(result.tunnel ? [`  tunnel: ${result.tunnel.name} (${result.tunnel.id})${result.tunnel.hostname ? ` ${result.tunnel.hostname}` : ''}`] : []),
+            ...(result.access ? [`  access: app=${result.access.appId || '(none)'} serviceToken=${result.access.serviceTokenId || '(none)'}`] : []),
+            ...(result.dns ? [`  dns: ${result.dns.zoneName || result.dns.zoneId} records=${result.dns.records.length}`] : []),
+            ...(result.kv ? [`  kv: ${result.kv.namespaceName} (${result.kv.namespaceId})`] : []),
+            ...(result.r2 ? [`  r2: ${result.r2.bucketName}`] : []),
+            ...(result.secretsStore ? [`  secrets store: ${result.secretsStore.storeName} (${result.secretsStore.storeId})`] : []),
+            ...formatProvisionSteps(result.steps),
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'verify') {
+          const result = await client.verify({
+            ...optionalString('workerBaseUrl', getFlag(parsed, 'worker-url')),
+            ...optionalString('workerClientToken', getFlag(parsed, 'worker-token')),
+            ...optionalString('workerClientTokenRef', getFlag(parsed, 'worker-token-ref')),
+          });
+          ctx.print([
+            'Cloudflare Verification',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            `  worker health: ${result.workerHealth.ok ? 'ok' : 'failed'} (HTTP ${result.workerHealth.status})${result.workerHealth.error ? ` - ${result.workerHealth.error}` : ''}`,
+            ...(result.daemonBatchProxy ? [`  daemon batch proxy: ${result.daemonBatchProxy.ok ? 'ok' : 'failed'} (HTTP ${result.daemonBatchProxy.status})${result.daemonBatchProxy.error ? ` - ${result.daemonBatchProxy.error}` : ''}`] : []),
+          ].join('\n'));
+          return;
+        }
+
+        if (subcommand === 'disable') {
+          const result = await client.disable({
+            ...cloudflareAuthInput(parsed),
+            ...optionalString('workerName', getFlag(parsed, 'worker-name')),
+            disableWorkerSubdomain: hasFlag(parsed, 'disable-worker-subdomain'),
+            disableCron: !hasFlag(parsed, 'keep-cron'),
+            persistConfig: true,
+          });
+          ctx.print([
+            'Cloudflare Disabled',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            ...formatProvisionSteps(result.steps),
+          ].join('\n'));
+          return;
+        }
+
+        ctx.print('Usage: /cloudflare [status|setup|requirements|create-token|discover|validate|provision|verify|disable] [flags]');
+      } catch (error) {
+        ctx.print(`Cloudflare ${subcommand} failed: ${formatCloudflareError(error)}`);
+      }
+    },
+  });
+}
+
+function createCloudflareClient(ctx: CommandContext): CloudflareDaemonClient {
+  const shellPaths = requireShellPaths(ctx);
+  return createCloudflareDaemonClient({
+    configManager: ctx.platform.configManager,
+    homeDirectory: shellPaths.homeDirectory,
+  });
+}
+
+function parseCloudflareArgs(args: readonly string[]): ParsedCloudflareArgs {
+  const positional: string[] = [];
+  const flags = new Map<string, string[]>();
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index]!;
+    if (!arg.startsWith('--')) {
+      positional.push(arg);
+      continue;
+    }
+    const raw = arg.slice(2);
+    const equalsIndex = raw.indexOf('=');
+    if (equalsIndex >= 0) {
+      const key = raw.slice(0, equalsIndex);
+      const value = raw.slice(equalsIndex + 1);
+      flags.set(key, [...(flags.get(key) ?? []), value]);
+      continue;
+    }
+    const next = args[index + 1];
+    if (next && !next.startsWith('--')) {
+      flags.set(raw, [...(flags.get(raw) ?? []), next]);
+      index += 1;
+    } else {
+      flags.set(raw, [...(flags.get(raw) ?? []), 'true']);
+    }
+  }
+  return { positional, flags };
+}
+
+function hasFlag(args: ParsedCloudflareArgs, key: string): boolean {
+  return args.flags.has(key);
+}
+
+function getFlag(args: ParsedCloudflareArgs, key: string): string {
+  const values = args.flags.get(key);
+  const value = values?.[values.length - 1] ?? '';
+  return value === 'true' ? '' : value.trim();
+}
+
+function getFlagValues(args: ParsedCloudflareArgs, key: string): readonly string[] {
+  return args.flags.get(key)?.map((value) => value.trim()).filter(Boolean) ?? [];
+}
+
+function componentsFromArgs(args: ParsedCloudflareArgs): Record<CloudflareComponent, boolean> {
+  const components: Record<CloudflareComponent, boolean> = { ...DEFAULT_CLOUDFLARE_COMPONENT_SELECTION };
+  if (hasFlag(args, 'all') || hasFlag(args, 'advanced')) {
+    for (const component of CLOUDFLARE_COMPONENT_IDS) components[component] = true;
+  }
+  for (const raw of [...args.positional, ...getFlagValues(args, 'component')]) {
+    const normalized = normalizeComponent(raw);
+    if (normalized) components[normalized] = true;
+  }
+  for (const raw of getFlagValues(args, 'no-component')) {
+    const normalized = normalizeComponent(raw);
+    if (normalized) components[normalized] = false;
+  }
+  return components;
+}
+
+function normalizeComponent(value: string): CloudflareComponent | null {
+  const normalized = value.trim().toLowerCase().replace(/[-_]/g, '');
+  for (const component of CLOUDFLARE_COMPONENT_IDS) {
+    if (component.toLowerCase() === normalized) return component;
+  }
+  if (normalized === 'workerscript' || normalized === 'worker') return 'workers';
+  if (normalized === 'queue') return 'queues';
+  if (normalized === 'tunnel') return 'zeroTrustTunnel';
+  if (normalized === 'access') return 'zeroTrustAccess';
+  if (normalized === 'domain' || normalized === 'hostname') return 'dns';
+  if (normalized === 'do' || normalized === 'durableobject') return 'durableObjects';
+  if (normalized === 'secret' || normalized === 'secrets') return 'secretsStore';
+  return null;
+}
+
+function formatComponents(components: CloudflareComponentSelection): string {
+  const selected = CLOUDFLARE_COMPONENT_IDS
+    .filter((component) => components[component] === true)
+    .map((component) => CLOUDFLARE_COMPONENT_LABELS[component]);
+  return selected.length > 0 ? selected.join(', ') : 'none';
+}
+
+function cloudflareAuthInput(args: ParsedCloudflareArgs): {
+  readonly accountId?: string;
+  readonly apiToken?: string;
+  readonly apiTokenRef?: string;
+} {
+  const token = getFlag(args, 'token') || readTokenEnv(args, 'token-env');
+  const tokenRef = getFlag(args, 'token-ref');
+  return {
+    ...optionalString('accountId', getFlag(args, 'account') || getFlag(args, 'account-id')),
+    ...(token ? { apiToken: token } : tokenRef ? { apiTokenRef: tokenRef } : {}),
+  };
+}
+
+function readTokenEnv(args: ParsedCloudflareArgs, key: string): string {
+  const envName = getFlag(args, key);
+  if (!envName) return '';
+  return process.env[envName] ?? '';
+}
+
+function readBatchMode(args: ParsedCloudflareArgs): 'off' | 'explicit' | 'eligible-by-default' | undefined {
+  const value = getFlag(args, 'batch-mode');
+  if (value === 'off' || value === 'explicit' || value === 'eligible-by-default') return value;
+  return undefined;
+}
+
+function optionalString<K extends string>(key: K, value: string): Partial<Record<K, string>> {
+  return value.trim().length > 0 ? { [key]: value.trim() } as Partial<Record<K, string>> : {};
+}
+
+function optionalBatchMode(value: ReturnType<typeof readBatchMode>): { readonly batchMode?: 'off' | 'explicit' | 'eligible-by-default' } {
+  return value ? { batchMode: value } : {};
+}
+
+function formatProvisionSteps(steps: readonly CloudflareProvisionStep[]): string[] {
+  return steps.length > 0
+    ? steps.map((step) => `  ${step.status}: ${step.name}${step.message ? ` - ${step.message}` : ''}`)
+    : ['  no steps returned'];
+}
+
+function formatCloudflareError(error: unknown): string {
+  if (error instanceof CloudflareDaemonRouteError) {
+    return `${error.message} (HTTP ${error.status}, ${error.code})`;
+  }
+  return error instanceof Error ? error.message : String(error);
+}

package/src/input/commands/local-auth-runtime.ts

@@ -65,10 +65,10 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   if (sub === 'revoke-session') {
     const token = args[1];
     if (!token) {
-      ctx.print('Usage: /auth local revoke-session <token>');
+      ctx.print('Usage: /auth local revoke-session <token-or-fingerprint>');
       return;
     }
-    ctx.print(auth.revokeSession(token) ? `Revoked session ${token.slice(0, 12)}…` : `Unknown session token: ${token}`);
+    ctx.print(auth.revokeSession(token) ? `Revoked session ${token.slice(0, 12)}…` : `Unknown session token or fingerprint: ${token}`);
     return;
   }
 
@@ -88,7 +88,7 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
     `  users: ${snapshot.userCount}`,
     `  sessions: ${snapshot.sessionCount}`,
     ...snapshot.users.map((user) => `  user: ${user.username}  roles=${formatRoles(user.roles)}`),
-    ...snapshot.sessions.map((session) => `  session: ${session.username}  expires=${new Date(session.expiresAt).toISOString()}  token=${session.token.slice(0, 12)}…`),
+    ...snapshot.sessions.map((session) => `  session: ${session.username}  expires=${new Date(session.expiresAt).toISOString()}  fingerprint=${session.tokenFingerprint}`),
   ].join('\n'));
 }
 
@@ -97,7 +97,7 @@ export function registerLocalAuthRuntimeCommands(registry: CommandRegistry): voi
     name: 'local-auth',
     aliases: ['auth-local'],
     description: 'Inspect and manage local daemon/listener auth users, sessions, and bootstrap credentials',
-    usage: '[review|panel|add-user <username> <password> [roles]|delete-user <username>|rotate-password <username> <password>|revoke-session <token>|clear-bootstrap-file]',
+    usage: '[review|panel|add-user <username> <password> [roles]|delete-user <username>|rotate-password <username> <password>|revoke-session <token-or-fingerprint>|clear-bootstrap-file]',
     handler(args, ctx) {
       handleLocalAuthCommand(args, ctx);
     },

package/src/input/commands/tts-runtime.ts

@@ -1,4 +1,5 @@
 import type { ConfigKey } from '@pellux/goodvibes-sdk/platform/config/schema';
+import type { ModelDefinition } from '@pellux/goodvibes-sdk/platform/providers/registry';
 import type { CommandContext, CommandRegistry } from '../command-registry.ts';
 import type { SelectionItem } from '../selection-modal.ts';
 
@@ -60,13 +61,14 @@ export function registerTtsRuntimeCommands(registry: CommandRegistry): void {
           ctx.print('TTS LLM override cleared. /tts will use the current chat model.');
           return;
         }
-        if (ctx.openModelPickerWithTarget?.('tts')) return;
+        if (openTtsLlmPicker(ctx)) return;
         ctx.print('TTS LLM picker is not available in this runtime. Use /config-tts llm-provider <id> and /config-tts llm-model <model>.');
         return;
       }
       if (TTS_CONFIG_KEYS.has(sub)) {
         const value = args.slice(1).join(' ').trim();
         if (!value) {
+          if ((sub === 'llm-provider' || sub === 'llm-model') && openTtsLlmPicker(ctx)) return;
           ctx.print(`Usage: /config-tts ${sub} <value|clear>`);
           return;
         }
@@ -75,6 +77,14 @@ export function registerTtsRuntimeCommands(registry: CommandRegistry): void {
         const previousProvider = key === 'tts.provider'
           ? String(ctx.platform.configManager.get('tts.provider') ?? '').trim()
           : '';
+        if (key === 'tts.llmProvider') {
+          setTtsLlmProvider(ctx, nextValue);
+          return;
+        }
+        if (key === 'tts.llmModel') {
+          setTtsLlmModel(ctx, nextValue);
+          return;
+        }
         setTtsConfigValue(ctx, key, nextValue);
         if (key === 'tts.provider' && previousProvider && previousProvider !== nextValue) {
           setTtsConfigValue(ctx, 'tts.voice', '');
@@ -119,7 +129,8 @@ function openTtsConfigModal(ctx: CommandContext): boolean {
   const voice = String(cm.get('tts.voice') ?? '').trim() || '(provider default)';
   const llmProvider = String(cm.get('tts.llmProvider') ?? '').trim();
   const llmModel = String(cm.get('tts.llmModel') ?? '').trim();
-  const llm = llmProvider || llmModel ? `${llmProvider || 'provider'} / ${llmModel || 'model'}` : '(current chat model)';
+  const llmProviderLabel = llmProvider || '(current chat provider)';
+  const llmModelLabel = llmModel || '(current chat model)';
   const items: SelectionItem[] = [
     {
       id: 'provider',
@@ -138,12 +149,20 @@ function openTtsConfigModal(ctx: CommandContext): boolean {
       actions: '[Enter] choose',
     },
     {
-      id: 'llm',
-      label: 'TTS response model override',
-      detail: llm,
+      id: 'llm-provider',
+      label: 'TTS LLM provider',
+      detail: llmProviderLabel,
+      category: 'response generation',
+      primaryAction: 'select',
+      actions: '[Enter] choose provider and model',
+    },
+    {
+      id: 'llm-model',
+      label: 'TTS LLM model',
+      detail: llmModelLabel,
       category: 'response generation',
       primaryAction: 'select',
-      actions: '[Enter] choose model',
+      actions: '[Enter] choose provider and model',
     },
     {
       id: 'clear-voice',
@@ -171,10 +190,12 @@ function openTtsConfigModal(ctx: CommandContext): boolean {
       void openTtsVoicePicker(ctx);
       return;
     }
-    if (result.item.id === 'llm') {
-      if (!ctx.openModelPickerWithTarget?.('tts')) {
-        ctx.print('TTS LLM picker is not available in this runtime.');
-      }
+    if (result.item.id === 'llm-provider') {
+      openTtsLlmPicker(ctx);
+      return;
+    }
+    if (result.item.id === 'llm-model') {
+      openTtsLlmPicker(ctx);
       return;
     }
     if (result.item.id === 'clear-voice') {
@@ -191,6 +212,11 @@ function openTtsConfigModal(ctx: CommandContext): boolean {
   return true;
 }
 
+function openTtsLlmPicker(ctx: CommandContext): boolean {
+  if (ctx.openProviderModelPickerWithTarget?.('tts')) return true;
+  return ctx.openModelPickerWithTarget?.('tts') ?? false;
+}
+
 function getStreamingTtsProviders(ctx: CommandContext): Array<{ id: string; label: string; capabilities: readonly string[] }> {
   const registry = ctx.platform.voiceProviderRegistry;
   if (!registry) {
@@ -253,6 +279,63 @@ function printTtsProviders(ctx: CommandContext): void {
   ].join('\n'));
 }
 
+function getSelectableLlmModels(ctx: CommandContext): ModelDefinition[] {
+  const registry = ctx.provider.providerRegistry as Partial<Pick<typeof ctx.provider.providerRegistry, 'getSelectableModels' | 'listModels'>>;
+  if (typeof registry.getSelectableModels === 'function') return registry.getSelectableModels();
+  if (typeof registry.listModels === 'function') return registry.listModels().filter((model) => model.selectable !== false);
+  return [];
+}
+
+function setTtsLlmProvider(ctx: CommandContext, nextValue: string): void {
+  if (!nextValue) {
+    setTtsConfigValue(ctx, 'tts.llmProvider', '');
+    setTtsConfigValue(ctx, 'tts.llmModel', '');
+    ctx.print('TTS LLM override cleared. /tts will use the current chat model.');
+    return;
+  }
+  const previousProvider = String(ctx.platform.configManager.get('tts.llmProvider') ?? '').trim();
+  setTtsConfigValue(ctx, 'tts.llmProvider', nextValue);
+  if (previousProvider && previousProvider !== nextValue) {
+    setTtsConfigValue(ctx, 'tts.llmModel', '');
+    ctx.print(`TTS LLM provider set to ${nextValue}. TTS LLM model was cleared because models are provider-specific.`);
+    return;
+  }
+  ctx.print(`TTS LLM provider set to ${nextValue}.`);
+}
+
+function setTtsLlmModel(ctx: CommandContext, nextValue: string): void {
+  if (!nextValue) {
+    setTtsConfigValue(ctx, 'tts.llmModel', '');
+    ctx.print('TTS LLM model override cleared. /tts will use the current chat model unless a model is selected.');
+    return;
+  }
+  const preferredProvider = String(ctx.platform.configManager.get('tts.llmProvider') ?? '').trim() || undefined;
+  const selected = findSelectableLlmModel(ctx, nextValue, preferredProvider);
+  if (selected) {
+    setTtsConfigValue(ctx, 'tts.llmProvider', selected.provider);
+    setTtsConfigValue(ctx, 'tts.llmModel', getModelRegistryKey(selected));
+    ctx.print(`TTS LLM set to ${selected.displayName} (${selected.provider}).`);
+    return;
+  }
+  setTtsConfigValue(ctx, 'tts.llmModel', nextValue);
+  ctx.print(`tts.llmModel set to ${nextValue}.`);
+}
+
+function findSelectableLlmModel(ctx: CommandContext, ref: string, preferredProvider?: string): ModelDefinition | undefined {
+  const matches = getSelectableLlmModels(ctx).filter((model) =>
+    model.registryKey === ref || model.id === ref || model.displayName === ref,
+  );
+  if (preferredProvider) {
+    const providerMatch = matches.find((model) => model.provider === preferredProvider);
+    if (providerMatch) return providerMatch;
+  }
+  return matches[0];
+}
+
+function getModelRegistryKey(model: ModelDefinition): string {
+  return model.registryKey ?? `${model.provider}:${model.id}`;
+}
+
 async function openTtsVoicePicker(ctx: CommandContext, providerArg?: string): Promise<boolean> {
   if (!ctx.openSelection) return false;
   const service = ctx.platform.voiceService;

package/src/input/commands.ts

@@ -55,6 +55,7 @@ import { registerConversationRuntimeCommands } from './commands/conversation-run
 import { registerQrcodeRuntimeCommands } from './commands/qrcode-runtime.ts';
 import { registerOnboardingRuntimeCommands } from './commands/onboarding-runtime.ts';
 import { registerTtsRuntimeCommands } from './commands/tts-runtime.ts';
+import { registerCloudflareRuntimeCommands } from './commands/cloudflare-runtime.ts';
 
 /**
  * registerBuiltinCommands - Register all built-in slash commands into the registry.
@@ -104,6 +105,7 @@ export function registerBuiltinCommands(registry: CommandRegistry): void {
   registerQrcodeRuntimeCommands(registry);
   registerOnboardingRuntimeCommands(registry);
   registerTtsRuntimeCommands(registry);
+  registerCloudflareRuntimeCommands(registry);
   registerLocalRuntimeCommands(registry);
   registerSessionWorkflowCommands(registry);
   registerDiscoveryRuntimeCommands(registry);

package/src/input/feed-context-factory.ts

@@ -152,6 +152,7 @@ export interface FeedContextClosures {
   cleanupMarkerRegistry: (text: string) => void;
   expandPrompt: (text: string) => string | import('@pellux/goodvibes-sdk/platform/providers/interface').ContentPart[];
   openModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') => boolean;
+  openProviderModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') => boolean;
   onModelPickerCommit: () => boolean;
   onOnboardingAction: (action: import('./onboarding/onboarding-wizard.ts').OnboardingWizardAction) => void;
 }

package/src/input/handler-feed.ts

@@ -153,6 +153,7 @@ export interface InputFeedContext {
   readonly cleanupMarkerRegistry: (text: string) => void;
   readonly expandPrompt: (text: string) => string | import('@pellux/goodvibes-sdk/platform/providers/interface').ContentPart[];
   readonly openModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') => boolean;
+  readonly openProviderModelPickerWithTarget: (target: ModelPickerTarget, source?: 'settings' | 'onboarding') => boolean;
   readonly onModelPickerCommit: () => boolean;
   readonly onOnboardingAction: (action: OnboardingWizardAction) => void;
   readonly exitApp: () => void;
@@ -176,6 +177,10 @@ export function feedInputTokens(context: InputFeedContext, tokens: readonly Inpu
       searchShortcutMatch: token.type === 'key' && keybindings.matches('search', token),
       selectionModal: context.selectionModal,
       selectionCallback: context.selectionCallback,
+      getSelectionCallback: () => context.selectionCallback,
+      setSelectionCallback: (callback) => {
+        context.selectionCallback = callback;
+      },
       bookmarkModal: context.bookmarkModal,
       settingsModal: context.settingsModal,
       sessionPickerModal: context.sessionPickerModal,
@@ -213,6 +218,7 @@ export function feedInputTokens(context: InputFeedContext, tokens: readonly Inpu
       scroll: context.scroll,
       getScrollTop: context.getScrollTop,
       openModelPickerWithTarget: context.openModelPickerWithTarget,
+      openProviderModelPickerWithTarget: context.openProviderModelPickerWithTarget,
       onModelPickerCommit: context.onModelPickerCommit,
       onOnboardingAction: context.onOnboardingAction,
     }, token);