@trenchwork/coder 1.4.0 → 1.5.0

package/dist/headless/interactiveShell.js

@@ -32,9 +32,10 @@ import { createAgentController } from '../runtime/agentController.js';
 import { expandFileMentions, listWorkspaceFiles } from '../core/fileMentions.js';
 import { resolveWorkspaceCaptureOptions, buildWorkspaceContext } from '../workspace.js';
 import { loadAllSecrets, listSecretDefinitions, setSecretValue, getSecretValue, getSecretDefinition, classifyKeyEntry } from '../core/secretStore.js';
-import { resolveKeyMode, keyModeLine, setPreferOwnKeys, clearHostedSession, loginViaLoopback } from '../core/hostedAuth.js';
+import { resolveKeyMode, keyModeLine } from '../core/keyResolution.js';
 import { appendMemoryNote } from '../tools/memoryTools.js';
 import { recordDeepSeekUsage, getUsage, TAVILY_MONTHLY_FREE, TAVILY_ONE_TIME_BONUS } from '../core/usage.js';
+import { TurnTokenMeter } from '../core/turnTokenMeter.js';
 import { listSessions, loadSessionById, saveSessionSnapshot } from '../core/sessionStore.js';
 import { relativeTime } from '../core/relativeTime.js';
 import { getModelContextInfo } from '../core/contextWindow.js';
@@ -59,6 +60,7 @@ import { startNewRun } from '../tools/fileChangeTracker.js';
 import { onSudoPasswordNeeded, offSudoPasswordNeeded, provideSudoPassword } from '../core/sudoPasswordManager.js';
 import { reportStatus, setStatusSink } from '../utils/statusReporter.js';
 import { isSafetyRefusal } from '../core/refusalDetection.js';
+import { shouldSynthesizeFromReasoning } from '../core/reasoningFallback.js';
 import { formatToolCall, toolActivityLabel, formatToolResult, formatToolError } from '../shell/toolPresentation.js';
 // Tool-result display (ANSI stripping, summarisation, the `⎿` block) now lives
 // in ../shell/toolPresentation.ts — the shell just emits the formatted strings.
@@ -152,16 +154,11 @@ function welcomeBodyLines(input) {
     const title = input.version ? `✻ Welcome to Trenchwork Coder ${input.version}` : '✻ Welcome to Trenchwork Coder';
     const body = [title, ''];
     const mode = input.keyMode ?? (input.hasApiKey ? 'own' : 'none');
-    if (mode === 'hosted') {
-        // Signed in — running on hosted keys. The mode line names the account so
-        // it's unmistakable this is NOT the user's own key.
-        body.push(input.keyModeLine ?? 'Signed in · using hosted keys');
-    }
-    else if (mode === 'own') {
+    if (mode === 'own') {
         body.push(`${input.model} · ${input.provider}`, `Key: ${input.maskedKey} · /help for commands`);
     }
     else {
-        body.push('⚠ No DeepSeek API key configured', '', '/login       Sign in with Google for hosted keys', '', 'Or bring your own:', '  /key sk-…    DeepSeek (required) · platform.deepseek.com', '  /key tvly-…  Tavily web search (optional) · tavily.com');
+        body.push('⚠ No DeepSeek API key configured', '', '  /key sk-…    DeepSeek (required) · platform.deepseek.com', '  /key tvly-…  Tavily web search (optional) · tavily.com');
     }
     if (input.cwd)
         body.push(`cwd: ${input.cwd}`);
@@ -270,6 +267,9 @@ class InteractiveShell {
     // currently occupying the context window). Drives the accurate "% context
     // left" chrome indicator and the /context view.
     lastInputTokens = null;
+    // Live `↑ N tokens` source: estimates from streamed chars, snaps to the
+    // provider-exact count on each usage event; resets per user turn.
+    turnTokenMeter = new TurnTokenMeter();
     ctrlCCount = 0;
     lastCtrlCTime = 0;
     // Set when the user Ctrl+C interrupts a run; suppresses the auto-continue
@@ -457,16 +457,7 @@ class InteractiveShell {
                 // even though the fake "run" had no controller.send). Pending items
                 // will hit the normal early guard + error path, but the queue/dequeue
                 // logic itself runs for the test assertions.
-                if (this.pendingPrompts.length > 0 && !this.shouldExit) {
-                    const next = this.pendingPrompts.shift();
-                    if (next) {
-                        const r = this.promptController?.getRenderer();
-                        r?.setFollowUpQueueMode(false);
-                        r?.addUserHistoryItem(next);
-                        r?.setQueuedPrompts(this.pendingPrompts.slice());
-                        void this.processPrompt(next).catch(() => { });
-                    }
-                }
+                void this.drainNextQueuedPrompt().catch(() => { });
             }, forceBusyMs);
         }
         // Process any queued prompts
@@ -840,6 +831,12 @@ class InteractiveShell {
                     setSecretValue(entry.id, entry.value);
                     const label = getSecretDefinition(entry.id)?.label ?? entry.id;
                     renderer?.addEvent('system', chalk.green(`✓ ${label} saved`));
+                    // Re-render the welcome banner so it reflects the now-saved DeepSeek
+                    // key (masked key + model) instead of still showing "No DeepSeek API
+                    // key configured". Tavily-only saves don't appear in the banner.
+                    if (entry.id === 'DEEPSEEK_API_KEY') {
+                        void this.showWelcome();
+                    }
                 }
                 catch (error) {
                     const msg = error instanceof Error ? error.message : String(error);
@@ -851,34 +848,6 @@ class InteractiveShell {
             }
             return true;
         }
-        // /account — show the active key source (hosted vs your own) and switch
-        // between them. `/account own` forces your own keys even while signed in;
-        // `/account hosted` returns to hosted. Hosted keys come from sign-in
-        // (server-side, never baked into this client) — see core/hostedAuth.ts.
-        if (lower === '/account' || lower.startsWith('/account ')) {
-            const r = this.promptController?.getRenderer();
-            const arg = trimmed.slice('/account'.length).trim().toLowerCase();
-            if (arg === 'own')
-                setPreferOwnKeys(true);
-            else if (arg === 'hosted')
-                setPreferOwnKeys(false);
-            if (arg === 'own' || arg === 'hosted')
-                void this.showWelcome(); // banner reflects the switch
-            r?.addEvent('system', this.accountStatusText(resolveKeyMode()));
-            return true;
-        }
-        // /login — Google sign-in via ero.solar (loopback OAuth) to unlock hosted keys.
-        if (lower === '/login' || lower === '/signin') {
-            void this.handleLogin();
-            return true;
-        }
-        // /logout — drop the hosted session (back to your own keys, or none).
-        if (lower === '/logout' || lower === '/signout') {
-            clearHostedSession();
-            this.promptController?.getRenderer()?.addEvent('system', chalk.green('✓ Signed out — using your own keys.'));
-            void this.showWelcome();
-            return true;
-        }
         // /update — check npm for a newer version and upgrade in-shell.
         if (lower === '/update' || lower === '/upgrade') {
             void this.handleUpdateCommand();
@@ -923,8 +892,7 @@ class InteractiveShell {
             return true;
         }
         // /cost — DeepSeek tokens + Tavily searches consumed (this session + all
-        // time), and the hosted free-pool reference. Account-wide remaining is a
-        // backend number shown in the ero.solar portal.
+        // time), and the Tavily shared-proxy free-pool reference.
         if (lower === '/cost' || lower === '/spend') {
             this.showUsage();
             return true;
@@ -1486,8 +1454,7 @@ class InteractiveShell {
             label('DeepSeek') + dim(`${ds(cumulative)}   ·   this session ${ds(session)}`),
             label('Tavily') + dim(`${cumulative.tavilySearches} searches   ·   this session ${session.tavilySearches}`),
             '',
-            dim(`Hosted free pool: Tavily ${TAVILY_MONTHLY_FREE.toLocaleString('en-US')}/mo + ${TAVILY_ONE_TIME_BONUS.toLocaleString('en-US')} one-time bonus.`),
-            dim('Account-wide totals + remaining show in the ero.solar portal after sign-in.'),
+            dim(`Tavily free pool: ${TAVILY_MONTHLY_FREE.toLocaleString('en-US')}/mo + ${TAVILY_ONE_TIME_BONUS.toLocaleString('en-US')} one-time bonus (shared proxy; set your own key for unlimited).`),
         ];
         this.promptController.setInlinePanel(lines);
         this.scheduleInlinePanelDismiss();
@@ -1575,54 +1542,6 @@ class InteractiveShell {
         revertAllChanges(this.workingDir); // restores/deletes on disk + clears tracking
         renderer?.addEvent('system', chalk.green('✓ ' + rewindResultLine(restored, deleted)));
     }
-    /** One-line summary of the active key source for /account. */
-    accountStatusText(s) {
-        if (s.mode === 'hosted') {
-            return chalk.green(`Hosted keys · signed in as ${s.email}.`) +
-                chalk.dim(` /account own to use your own · /logout to sign out.`);
-        }
-        if (s.mode === 'own') {
-            return chalk.green(`Your own keys · DeepSeek${s.ownTavily ? ' + Tavily' : ''}.`) +
-                chalk.dim(s.signedIn ? ` /account hosted to use hosted keys.` : ` /login to use hosted keys.`);
-        }
-        return chalk.yellow('No keys configured.') +
-            chalk.dim(' /login for hosted keys, or set your own: /key sk-… (and /key tvly-…).');
-    }
-    /**
-     * /login — Google sign-in via ero.solar. Opens the browser to the SSO URL and
-     * runs a one-shot 127.0.0.1 loopback server that captures the redirect with
-     * the short-lived token (see core/hostedAuth.ts). On success the CLI is on
-     * hosted keys; no key ever touches this client.
-     */
-    async handleLogin() {
-        const r = this.promptController?.getRenderer();
-        const status = resolveKeyMode();
-        if (status.signedIn) {
-            r?.addEvent('system', chalk.green(`Already signed in as ${status.email}.`) +
-                chalk.dim(' /logout to sign out · /account to switch key source.'));
-            return;
-        }
-        r?.addEvent('system', chalk.dim('Opening ero.solar sign-in in your browser — finish there, then return here…'));
-        const result = await loginViaLoopback({ open: (url) => this.openInBrowser(url) });
-        if (result.ok && result.session) {
-            r?.addEvent('system', chalk.green(`✓ Signed in as ${result.session.email} — using hosted keys.`));
-            void this.showWelcome();
-        }
-        else {
-            r?.addEvent('system', chalk.yellow(`Sign-in didn't complete: ${result.error ?? 'unknown error'}.`) +
-                chalk.dim(' Retry /login, or use /key sk-… for your own key.'));
-        }
-    }
-    /** Best-effort open a URL in the OS browser; also prints it as a fallback. */
-    openInBrowser(url) {
-        const opener = process.platform === 'darwin' ? 'open'
-            : process.platform === 'win32' ? 'start ""'
-                : 'xdg-open';
-        // url is built by loginViaLoopback (no user input) and JSON-quoted, so the
-        // `&` in the query string can't break out of the argument.
-        childExec(`${opener} ${JSON.stringify(url)}`, () => { });
-        this.promptController?.getRenderer()?.addEvent('system', chalk.dim(`If the browser didn't open: ${url}`));
-    }
     showHelp() {
         if (!this.promptController?.supportsInlinePanel()) {
             this.promptController?.setStatusMessage('Help: /key sk-… (everything else is automatic)');
@@ -1637,10 +1556,8 @@ class InteractiveShell {
         const lines = [
             chalk.bold.hex('#e8e9ed')('Trenchwork Coder') + dim('  (press any key to dismiss)'),
             '',
-            cmd('/login') + dim('       Sign in with Google (ero.solar) to use hosted keys'),
             cmd('/key sk-…') + dim('     Set your DeepSeek API key (required)'),
             cmd('/key tvly-…') + dim('   Set your Tavily key for web search (optional)'),
-            cmd('/account') + dim('      Show / switch key source (hosted vs your own)'),
             cmd('/update') + dim('      Check npm and upgrade to the latest version'),
             cmd('/resume') + dim('      Restore a previous conversation'),
             cmd('/context') + dim('     Show context-window usage'),
@@ -1778,6 +1695,27 @@ class InteractiveShell {
         }
         void this.processPrompt(trimmed);
     }
+    /**
+     * Dequeue and run the next live follow-up, if any: commit its user line to
+     * history, refresh the transient queue UI, then process it. Single source of
+     * truth for the dequeue so the per-turn drain and the test seam can't drift —
+     * that drift is exactly how a queued-prompt UX goes subtly wrong.
+     */
+    async drainNextQueuedPrompt() {
+        if (this.pendingPrompts.length === 0 || this.shouldExit) {
+            return false;
+        }
+        const next = this.pendingPrompts.shift();
+        if (!next) {
+            return false;
+        }
+        const r = this.promptController?.getRenderer();
+        r?.setFollowUpQueueMode(false);
+        r?.addUserHistoryItem(next);
+        r?.setQueuedPrompts(this.pendingPrompts.slice());
+        await this.processPrompt(next);
+        return true;
+    }
     async processPrompt(prompt) {
         if (this.isProcessing) {
             return;
@@ -1802,6 +1740,10 @@ class InteractiveShell {
             this.autoGovernor.reset();
             this.failureRegistry.reset();
             this.adversarialCorrectionCount = 0;
+            // New user turn → `↑ N tokens` restarts from zero. Continuations
+            // ('continue' / IMPORTANT:-prefixed) keep accumulating into the same turn.
+            this.turnTokenMeter.reset();
+            this.promptController?.setMetaStatus({ outputTokens: 0 });
             // Pinned-prompt persistence removed per request — no longer
             // displayed above the chat box.
         }
@@ -1886,6 +1828,14 @@ class InteractiveShell {
                         // Stream content as it arrives
                         this.currentResponseBuffer += event.content ?? '';
                         this.finalResponseText += event.content ?? '';
+                        // Live `↑ N tokens`: estimate from streamed chars until the
+                        // provider's usage event snaps the exact count. Synthetic deltas
+                        // (already-streamed narration replays, retry notices) were never
+                        // provider output — metering them double-counts.
+                        if (!event.synthetic) {
+                            this.turnTokenMeter.addStreamedChars((event.content ?? '').length);
+                            this.promptController?.setMetaStatus({ outputTokens: this.turnTokenMeter.current() });
+                        }
                         if (renderer) {
                             renderer.addEvent('stream', event.content);
                         }
@@ -1899,6 +1849,10 @@ class InteractiveShell {
                     case 'reasoning':
                         // Accumulate reasoning for potential fallback synthesis
                         reasoningBuffer += event.content ?? '';
+                        // Reasoning streams count toward completion_tokens too (DeepSeek
+                        // thinking) — meter them so the live `↑` doesn't sit at zero.
+                        this.turnTokenMeter.addStreamedChars((event.content ?? '').length);
+                        this.promptController?.setMetaStatus({ outputTokens: this.turnTokenMeter.current() });
                         // Update status to show reasoning is actively streaming
                         this.promptController?.setActivityMessage('Thinking');
                         // Start the reasoning timer on first reasoning event
@@ -2033,6 +1987,10 @@ class InteractiveShell {
                     case 'usage': {
                         // Meter cumulative DeepSeek consumption for /usage + the portal.
                         recordDeepSeekUsage(event.inputTokens, event.outputTokens);
+                        // Snap the live `↑` estimate to the provider-exact output count
+                        // for this request; the meter keeps accumulating across the
+                        // turn's tool-loop requests.
+                        this.turnTokenMeter.recordExactOutput(event.outputTokens ?? 0);
                         // inputTokens = exactly what occupies the context window this turn.
                         // The real model window (not a hardcoded guess) is the denominator
                         // so "% context left" reflects the actual model.
@@ -2042,7 +2000,8 @@ class InteractiveShell {
                         }
                         const windowTokens = getModelContextInfo(this.profileConfig.model).contextWindow;
                         this.promptController?.setMetaStatus({
-                            tokensUsed: contextTokens,
+                            outputTokens: this.turnTokenMeter.current(),
+                            contextTokens,
                             tokenLimit: windowTokens,
                         });
                         break;
@@ -2134,7 +2093,7 @@ class InteractiveShell {
             // This handles models like deepseek-v4-pro that output thinking but empty response
             // Also handles step timeouts where the model was stuck
             // IMPORTANT: Don't add "Next steps" when only reasoning occurred - only after real work
-            if ((!episodeSuccess || reasoningTimedOut || stepTimedOut) && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+            if (shouldSynthesizeFromReasoning({ hasReceivedResponseContent, finalResponseText: this.finalResponseText, currentResponseBuffer: this.currentResponseBuffer, reasoningBuffer })) {
                 const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
                 if (synthesized && renderer) {
                     renderer.addEvent('stream', '\n' + synthesized);
@@ -2156,7 +2115,7 @@ class InteractiveShell {
                 renderer.addEvent('error', message);
             }
             // Fallback: If we have reasoning content but no response was generated, synthesize one
-            if (!episodeSuccess && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+            if (!episodeSuccess && shouldSynthesizeFromReasoning({ hasReceivedResponseContent, finalResponseText: this.finalResponseText, currentResponseBuffer: this.currentResponseBuffer, reasoningBuffer })) {
                 const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
                 if (synthesized && renderer) {
                     renderer.addEvent('stream', '\n' + synthesized);
@@ -2169,7 +2128,7 @@ class InteractiveShell {
             // Exit critical section - allow termination again
             exitCriticalSection();
             // Final fallback: If stream ended without message.complete but we have reasoning
-            if (!episodeSuccess && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+            if (!episodeSuccess && shouldSynthesizeFromReasoning({ hasReceivedResponseContent, finalResponseText: this.finalResponseText, currentResponseBuffer: this.currentResponseBuffer, reasoningBuffer })) {
                 const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
                 if (synthesized && renderer) {
                     renderer.addEvent('stream', '\n' + synthesized);
@@ -2217,17 +2176,11 @@ class InteractiveShell {
             // Autosave the conversation so /resume has something to restore. Each
             // turn updates the same snapshot in place (keyed by this.sessionId).
             this.persistSessionSnapshot();
-            // Process any queued prompts (late safety net; primary drain is now per-turn
-            // after each assistant response for "ASAP before the running prompt finishes").
-            if (this.pendingPrompts.length > 0 && !this.shouldExit) {
-                const next = this.pendingPrompts.shift();
-                if (next) {
-                    const r = this.promptController?.getRenderer();
-                    r?.setFollowUpQueueMode(false);
-                    r?.addUserHistoryItem(next);
-                    r?.setQueuedPrompts(this.pendingPrompts.slice());
-                    await this.processPrompt(next);
-                }
+            // Process any queued follow-up — single source of truth (drainNextQueuedPrompt).
+            // This takes priority over auto-continue: a user's explicit follow-up runs
+            // before the loop decides the original task is "complete".
+            if (await this.drainNextQueuedPrompt()) {
+                // handled
             }
             else if (refusedTurn) {
                 // Refusal terminates the turn. Don't re-prompt the model — the