@vybestack/llxprt-code-core 0.4.8 → 0.5.0-nightly.251102.e5b51aa3

package/dist/src/providers/gemini/GeminiProvider.js

@@ -3,17 +3,49 @@
  * Copyright 2025 Vybestack LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+// @plan:PLAN-20251023-STATELESS-HARDENING.P08 @requirement:REQ-SP4-002
+// createHash import removed - no longer needed without client caching
 import { DebugLogger } from '../../debug/index.js';
 import { Config } from '../../config/config.js';
 import { AuthType } from '../../core/contentGenerator.js';
 import { AuthenticationRequiredError } from '../errors.js';
 import { getCoreSystemPromptAsync } from '../../core/prompts.js';
-import { createCodeAssistContentGenerator } from '../../code_assist/codeAssist.js';
 import { Type, } from '@google/genai';
-import { BaseProvider } from '../BaseProvider.js';
-import { getSettingsService } from '../../settings/settingsServiceInstance.js';
-import { retryWithBackoff, getErrorStatus, isNetworkTransientError, } from '../../utils/retry.js';
+import { BaseProvider, } from '../BaseProvider.js';
 export class GeminiProvider extends BaseProvider {
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * @pseudocode lines 10-14
+     *
+     * Removed cached state variables to ensure stateless behavior.
+     * Provider now resolves model, auth, and parameters per call.
+     * No instance state: authMode, model overrides, modelExplicitlySet, currentModel removed.
+     * @requirement:REQ-SP4-003: Auth/model/params come from NormalizedGenerateChatOptions
+     */
+    geminiOAuthManager;
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002, REQ-SP4-003
+     * @pseudocode lines 10-14
+     *
+     * Simplified constructor that only stores readonly OAuth manager.
+     * All other state is now resolved per call from NormalizedGenerateChatOptions.
+     * No loggers cached - created on demand like AnthropicProvider.
+     */
+    constructor(apiKey, baseURL, config, oauthManager) {
+        const baseConfig = {
+            name: 'gemini',
+            apiKey,
+            baseURL,
+            envKeyNames: ['GEMINI_API_KEY', 'GOOGLE_API_KEY'],
+            isOAuthEnabled: !!oauthManager,
+            oauthProvider: oauthManager ? 'gemini' : undefined,
+            oauthManager,
+        };
+        super(baseConfig, config);
+        this.geminiOAuthManager = oauthManager;
+    }
     /**
      * @description Cleans a JSON Schema object to ensure it strictly conforms to the Gemini API's supported Schema definition.
      * This function acts as a whitelist, removing any properties not explicitly defined in the OpenAPI 3.03 Schema Object
@@ -85,28 +117,42 @@ export class GeminiProvider extends BaseProvider {
         }
         return cleanedSchema;
     }
-    logger;
-    authMode = 'none';
-    currentModel = 'gemini-2.5-pro';
-    modelExplicitlySet = false;
-    modelParams;
-    geminiOAuthManager;
-    constructor(apiKey, baseURL, config, oauthManager) {
-        // Initialize base provider with auth configuration
-        const baseConfig = {
-            name: 'gemini',
-            apiKey,
-            baseURL,
-            envKeyNames: ['GEMINI_API_KEY', 'GOOGLE_API_KEY'],
-            isOAuthEnabled: false, // OAuth enablement will be checked dynamically
-            oauthProvider: 'gemini',
-            oauthManager, // Keep the manager for checking enablement
-        };
-        super(baseConfig, config, undefined);
-        this.logger = new DebugLogger('llxprt:gemini:provider');
-        this.geminiOAuthManager = oauthManager;
-        // Do not determine auth mode on instantiation.
-        // This will be done lazily when a chat completion is requested.
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Create loggers on-demand to avoid instance state, like AnthropicProvider
+     */
+    getLogger() {
+        return new DebugLogger('llxprt:gemini:provider');
+    }
+    getToolsLogger() {
+        return new DebugLogger('llxprt:gemini:tools');
+    }
+    /**
+     * @plan PLAN-20251018-STATELESSPROVIDER2.P12
+     * @requirement REQ-SP2-001
+     * @pseudocode anthropic-gemini-stateless.md lines 1-2
+     */
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-003
+     * Determine streaming preference from config settings per call
+     */
+    getStreamingPreference(_options) {
+        const streamingSetting = this.providerConfig?.getEphemeralSettings?.()?.['streaming'];
+        return streamingSetting !== 'disabled';
+    }
+    async createOAuthContentGenerator(httpOptions, config, baseURL) {
+        const { createCodeAssistContentGenerator } = await import('../../code_assist/codeAssist.js');
+        return createCodeAssistContentGenerator(httpOptions, AuthType.LOGIN_WITH_GOOGLE, config, baseURL);
+    }
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * No operation - stateless provider has no cache to clear
+     */
+    clearClientCache(_runtimeKey) {
+        this.getLogger().debug(() => 'Cache clear called on stateless provider - no operation');
     }
     /**
      * Updates OAuth configuration based on current OAuth manager state
@@ -123,21 +169,21 @@ export class GeminiProvider extends BaseProvider {
         }
     }
     /**
-     * Determines the best available authentication method based on environment variables
-     * and existing configuration. Now uses lazy evaluation with proper precedence chain.
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002, REQ-SP4-003
+     * Determines the best available authentication method per call without storing state.
+     * Returns both authMode and token - caller must handle both values.
      */
     async determineBestAuth() {
         // Re-check OAuth enablement state before determining auth
         this.updateOAuthState();
         // First check if we have Gemini-specific credentials
         if (this.hasVertexAICredentials()) {
-            this.authMode = 'vertex-ai';
             this.setupVertexAIAuth();
-            return 'USE_VERTEX_AI';
+            return { authMode: 'vertex-ai', token: 'USE_VERTEX_AI' };
         }
         if (this.hasGeminiAPIKey()) {
-            this.authMode = 'gemini-api-key';
-            return process.env.GEMINI_API_KEY;
+            return { authMode: 'gemini-api-key', token: process.env.GEMINI_API_KEY };
         }
         // No Gemini-specific credentials, check OAuth availability
         try {
@@ -151,51 +197,42 @@ export class GeminiProvider extends BaseProvider {
             if (isOAuthEnabled &&
                 (authMethodName?.startsWith('oauth-') ||
                     (this.geminiOAuthManager && !token))) {
-                this.authMode = 'oauth';
-                return 'USE_LOGIN_WITH_GOOGLE';
+                return { authMode: 'oauth', token: 'USE_LOGIN_WITH_GOOGLE' };
             }
             // If we have a token but it's not for Gemini (e.g., from another provider),
             // we should still fall back to OAuth for Gemini web search - BUT ONLY IF OAUTH IS ENABLED
             if (!this.hasGeminiAPIKey() && !this.hasVertexAICredentials()) {
                 if (isOAuthEnabled) {
-                    this.authMode = 'oauth';
-                    return 'USE_LOGIN_WITH_GOOGLE';
+                    return { authMode: 'oauth', token: 'USE_LOGIN_WITH_GOOGLE' };
                 }
                 else {
                     // OAuth is disabled and no other auth method available
                     throw new AuthenticationRequiredError('Web search requires Gemini authentication, but no API key is set and OAuth is disabled. Hint: call /auth gemini enable', 'none', ['GEMINI_API_KEY', 'GOOGLE_API_KEY']);
                 }
             }
-            this.authMode = 'none';
-            return token || '';
+            return { authMode: 'none', token: token || '' };
         }
         catch (error) {
             // CRITICAL FIX: Only fall back to LOGIN_WITH_GOOGLE if OAuth is actually enabled
-            // Don't use it when OAuth has been disabled
             const manager = this.geminiOAuthManager;
             const isOAuthEnabled = this.geminiOAuthManager &&
                 manager.isOAuthEnabled &&
                 typeof manager.isOAuthEnabled === 'function' &&
                 manager.isOAuthEnabled('gemini');
             if (isOAuthEnabled) {
-                this.authMode = 'oauth';
-                return 'USE_LOGIN_WITH_GOOGLE';
+                return { authMode: 'oauth', token: 'USE_LOGIN_WITH_GOOGLE' };
             }
             // Handle case where no auth is available
             const authType = this.globalConfig?.getContentGeneratorConfig()?.authType;
             if (authType === AuthType.USE_NONE) {
-                this.authMode = 'none';
-                throw new AuthenticationRequiredError('Authentication is set to USE_NONE but no credentials are available', this.authMode, ['GEMINI_API_KEY', 'GOOGLE_API_KEY']);
+                throw new AuthenticationRequiredError('Authentication is set to USE_NONE but no credentials are available', 'none', ['GEMINI_API_KEY', 'GOOGLE_API_KEY']);
             }
             // When used as serverToolsProvider without API key, fall back to OAuth ONLY if enabled
-            // This handles the case where Gemini is used for server tools but not as main provider
             if (!this.hasGeminiAPIKey() && !this.hasVertexAICredentials()) {
                 if (isOAuthEnabled) {
-                    this.authMode = 'oauth';
-                    return 'USE_LOGIN_WITH_GOOGLE';
+                    return { authMode: 'oauth', token: 'USE_LOGIN_WITH_GOOGLE' };
                 }
                 else {
-                    // OAuth is disabled and no other auth method available
                     throw new AuthenticationRequiredError('Web search requires Gemini authentication, but no API key is set and OAuth is disabled. Hint: call /auth gemini enable', 'none', ['GEMINI_API_KEY', 'GOOGLE_API_KEY']);
                 }
             }
@@ -253,20 +290,30 @@ export class GeminiProvider extends BaseProvider {
     setConfig(config) {
         // Call base provider implementation
         super.setConfig?.(config);
+        this.refreshCachedSettings();
         // Sync with config model if user hasn't explicitly set a model
         // This ensures consistency between config and provider state
-        const configModel = config.getModel();
-        if (!this.modelExplicitlySet && configModel) {
-            this.currentModel = configModel;
-        }
+        // @plan:PLAN-20251023-STATELESS-HARDENING.P08 @requirement:REQ-SP4-002
+        // Removed model caching in stateless implementation
+        // const configModel = config.getModel();
+        // if (!this.modelExplicitlySet && configModel) {
+        //   this.currentModel = configModel;
+        // }
         // Update OAuth configuration based on OAuth manager state, not config authType
         // This ensures that if OAuth is disabled via /auth gemini disable, it stays disabled
         this.updateOAuthState();
         // Clear auth cache when config changes to allow re-determination
     }
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Determine auth mode per call instead of using cached state
+     */
     async getModels() {
+        // Determine auth mode for this call
+        const { authMode } = await this.determineBestAuth();
         // For OAuth mode, return fixed list of models
-        if (this.authMode === 'oauth') {
+        if (authMode === 'oauth') {
             return [
                 {
                     id: 'gemini-2.5-pro',
@@ -289,7 +336,7 @@ export class GeminiProvider extends BaseProvider {
             ];
         }
         // For API key modes (gemini-api-key or vertex-ai), try to fetch real models
-        if (this.authMode === 'gemini-api-key' || this.authMode === 'vertex-ai') {
+        if (authMode === 'gemini-api-key' || authMode === 'vertex-ai') {
             const apiKey = (await this.getAuthToken()) || process.env.GEMINI_API_KEY;
             if (apiKey) {
                 try {
@@ -342,35 +389,23 @@ export class GeminiProvider extends BaseProvider {
             },
         ];
     }
-    setApiKey(apiKey) {
-        // Call base provider implementation
-        super.setApiKey(apiKey);
-        // Set the API key as an environment variable so it can be used by the core library
-        // CRITICAL FIX: When clearing the key (empty string), delete the env var instead of setting to empty
-        if (apiKey && apiKey.trim() !== '') {
-            process.env.GEMINI_API_KEY = apiKey;
-        }
-        else {
-            delete process.env.GEMINI_API_KEY;
-        }
-        // Clear auth cache when API key changes
-        this.clearAuthCache();
-    }
-    setBaseUrl(baseUrl) {
-        // Call base provider implementation which stores in ephemeral settings
-        super.setBaseUrl?.(baseUrl);
-    }
     /**
-     * Gets the current authentication mode
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Gets the current authentication mode per call without caching
      */
-    getAuthMode() {
-        return this.authMode;
+    async getAuthMode() {
+        const { authMode } = await this.determineBestAuth();
+        return authMode;
     }
     /**
-     * Gets the appropriate AuthType for the core library
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Gets the appropriate AuthType for the core library per call
      */
-    getCoreAuthType() {
-        switch (this.authMode) {
+    async getCoreAuthType() {
+        const { authMode } = await this.determineBestAuth();
+        switch (authMode) {
             case 'oauth':
                 return AuthType.LOGIN_WITH_GOOGLE;
             case 'gemini-api-key':
@@ -382,22 +417,32 @@ export class GeminiProvider extends BaseProvider {
         }
     }
     /**
-     * Gets the current model ID
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * No caching - this method is now a no-op. Settings read on demand.
+     */
+    refreshCachedSettings() {
+        // No operation - stateless provider doesn't cache settings
+    }
+    /**
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-003
+     * Gets the current model ID from SettingsService per call
      */
     getCurrentModel() {
         // Try to get from SettingsService first (source of truth)
         try {
-            const settingsService = getSettingsService();
+            const settingsService = this.resolveSettingsService();
             const providerSettings = settingsService.getProviderSettings(this.name);
             if (providerSettings.model) {
                 return providerSettings.model;
             }
         }
         catch (error) {
-            this.logger.debug(() => `Failed to get model from SettingsService: ${error}`);
+            this.getLogger().debug(() => `Failed to get model from SettingsService: ${error}`);
         }
-        // Fall back to cached value or default
-        return this.currentModel || this.getDefaultModel();
+        // In stateless mode, always return default since model should come from options
+        return this.getDefaultModel();
     }
     /**
      * Gets the default model for Gemini
@@ -406,61 +451,61 @@ export class GeminiProvider extends BaseProvider {
         return 'gemini-2.5-pro';
     }
     /**
-     * Sets the current model ID
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-003
+     * Gets model parameters from SettingsService per call
      */
-    setModel(modelId) {
-        // Update SettingsService as the source of truth
+    getModelParams() {
         try {
-            const settingsService = getSettingsService();
-            settingsService.setProviderSetting(this.name, 'model', modelId);
+            const settingsService = this.resolveSettingsService();
+            const providerSettings = settingsService.getProviderSettings(this.name);
+            const reservedKeys = new Set([
+                'enabled',
+                'apiKey',
+                'api-key',
+                'apiKeyfile',
+                'api-keyfile',
+                'baseUrl',
+                'base-url',
+                'model',
+                'toolFormat',
+                'tool-format',
+                'toolFormatOverride',
+                'tool-format-override',
+                'defaultModel',
+            ]);
+            const params = {};
+            if (providerSettings) {
+                for (const [key, value] of Object.entries(providerSettings)) {
+                    if (reservedKeys.has(key) || value === undefined || value === null) {
+                        continue;
+                    }
+                    params[key] = value;
+                }
+            }
+            return Object.keys(params).length > 0 ? params : undefined;
         }
         catch (error) {
-            this.logger.debug(() => `Failed to persist model to SettingsService: ${error}`);
-        }
-        // Keep local cache for performance
-        this.currentModel = modelId;
-        this.modelExplicitlySet = true;
-        // Always update config if available, not just in OAuth mode
-        // This ensures the model is properly synchronized
-        if (this.globalConfig) {
-            this.globalConfig.setModel(modelId);
-        }
-    }
-    /**
-     * Sets additional model parameters to include in requests
-     */
-    setModelParams(params) {
-        if (params === undefined) {
-            this.modelParams = undefined;
-        }
-        else {
-            this.modelParams = { ...this.modelParams, ...params };
+            this.getLogger().debug(() => `Failed to get Gemini provider settings from SettingsService: ${error}`);
+            return undefined;
         }
     }
     /**
-     * Gets the current model parameters
-     */
-    getModelParams() {
-        return this.modelParams;
-    }
-    /**
-     * Checks if the current auth mode requires payment
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Checks if using paid mode synchronously via env vars (stateless check)
      */
     isPaidMode() {
-        return this.authMode === 'gemini-api-key' || this.authMode === 'vertex-ai';
+        // Synchronous check based on environment variables only
+        return this.hasGeminiAPIKey() || this.hasVertexAICredentials();
     }
     /**
-     * Clears provider state but preserves explicitly set model
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * No state to clear in stateless implementation
      */
     clearState() {
-        // Clear auth-related state
-        this.authMode = 'none';
-        // Only reset model if it wasn't explicitly set by user
-        if (!this.modelExplicitlySet) {
-            this.currentModel = 'gemini-2.5-pro';
-        }
-        // Note: We don't clear config or apiKey as they might be needed
-        // Clear auth cache
+        // No operation - stateless provider has no state to clear
         this.clearAuthCache();
     }
     /**
@@ -478,6 +523,7 @@ export class GeminiProvider extends BaseProvider {
     clearAuthCache() {
         // Call the base implementation to clear the cached token
         super.clearAuthCache();
+        this.clearClientCache();
         // Don't clear the auth mode itself, just allow re-determination next time
     }
     /**
@@ -487,30 +533,39 @@ export class GeminiProvider extends BaseProvider {
         return ['web_search', 'web_fetch'];
     }
     /**
-     * Invoke a server tool (native provider tool)
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002
+     * Invoke a server tool using per-call auth resolution
      */
-    async invokeServerTool(toolName, params, _config) {
+    async invokeServerTool(toolName, params, _config, _signal) {
         if (toolName === 'web_search') {
-            this.logger.debug(() => `invokeServerTool: web_search called with params: ${JSON.stringify(params)}`);
-            this.logger.debug(() => `invokeServerTool: globalConfig is ${this.globalConfig ? 'set' : 'null/undefined'}`);
-            this.logger.debug(() => `invokeServerTool: current authMode is ${this.authMode}`);
+            const logger = this.getToolsLogger();
+            logger.debug(() => `invokeServerTool: web_search called with params: ${JSON.stringify(params)}`);
+            logger.debug(() => `invokeServerTool: globalConfig is ${this.globalConfig ? 'set' : 'null/undefined'}`);
+            // Check for abort before auth determination
+            if (_signal?.aborted) {
+                const error = new Error('Operation was aborted');
+                error.name = 'AbortError';
+                throw error;
+            }
             // Import the necessary modules dynamically
             const { GoogleGenAI } = await import('@google/genai');
             // Create the appropriate client based on auth mode
             const httpOptions = this.createHttpOptions();
             let genAI;
-            // Get authentication token lazily
-            this.logger.debug(() => `invokeServerTool: about to call determineBestAuth()`);
-            const authToken = await this.determineBestAuth();
-            this.logger.debug(() => `invokeServerTool: determineBestAuth returned, authMode is now ${this.authMode}`);
-            // Re-evaluate auth mode if we got a signal to use OAuth
-            if (authToken === 'USE_LOGIN_WITH_GOOGLE') {
-                this.authMode = 'oauth';
+            // Get authentication token and mode lazily per call
+            logger.debug(() => `invokeServerTool: about to call determineBestAuth()`);
+            const { authMode, token: authToken } = await this.determineBestAuth();
+            // Check for abort after auth determination
+            if (_signal?.aborted) {
+                const error = new Error('Operation was aborted');
+                error.name = 'AbortError';
+                throw error;
             }
-            switch (this.authMode) {
+            logger.debug(() => `invokeServerTool: determineBestAuth returned authMode=${authMode}`);
+            switch (authMode) {
                 case 'gemini-api-key': {
-                    // This case should never happen if determineBestAuth worked correctly
-                    // but add safety check
+                    // Validate auth token
                     if (!authToken ||
                         authToken === 'USE_LOGIN_WITH_GOOGLE' ||
                         authToken === '') {
@@ -572,12 +627,12 @@ export class GeminiProvider extends BaseProvider {
                 }
                 case 'oauth': {
                     try {
-                        this.logger.debug(() => `invokeServerTool: OAuth case - creating content generator`);
+                        logger.debug(() => `invokeServerTool: OAuth case - creating content generator`);
                         // If globalConfig is not set (e.g., when using non-Gemini provider),
                         // create a minimal config for OAuth
                         let configForOAuth = this.globalConfig;
                         if (!configForOAuth) {
-                            this.logger.debug(() => `invokeServerTool: globalConfig is null, creating minimal config for OAuth`);
+                            logger.debug(() => `invokeServerTool: globalConfig is null, creating minimal config for OAuth`);
                             // Use crypto for UUID generation
                             const { randomUUID } = await import('crypto');
                             configForOAuth = new Config({
@@ -591,8 +646,8 @@ export class GeminiProvider extends BaseProvider {
                         }
                         // For OAuth, use the code assist content generator
                         // Note: Detailed logging is now handled by DebugLogger in codeAssist.ts with namespace llxprt:code:assist
-                        const oauthContentGenerator = await createCodeAssistContentGenerator(httpOptions, AuthType.LOGIN_WITH_GOOGLE, configForOAuth);
-                        this.logger.debug(() => `invokeServerTool: OAuth content generator created successfully`);
+                        const oauthContentGenerator = await this.createOAuthContentGenerator(httpOptions, configForOAuth);
+                        logger.debug(() => `invokeServerTool: OAuth content generator created successfully`);
                         // For web search, always use gemini-2.5-flash regardless of the active model
                         const oauthRequest = {
                             model: 'gemini-2.5-flash',
@@ -606,23 +661,29 @@ export class GeminiProvider extends BaseProvider {
                                 tools: [{ googleSearch: {} }],
                             },
                         };
-                        this.logger.debug(() => `invokeServerTool: making OAuth generateContent request with query: ${params.query}`);
+                        logger.debug(() => `invokeServerTool: making OAuth generateContent request with query: ${params.query}`);
                         // PRIVACY FIX: Removed sessionId to prevent transmission to Google servers
                         const result = await oauthContentGenerator.generateContent(oauthRequest, 'web-search-oauth');
-                        this.logger.debug(() => `invokeServerTool: OAuth generateContent completed successfully`);
+                        logger.debug(() => `invokeServerTool: OAuth generateContent completed successfully`);
                         return result;
                     }
                     catch (error) {
-                        this.logger.debug(() => `invokeServerTool: ERROR in OAuth case: ${error}`);
-                        this.logger.debug(() => `invokeServerTool: Error details:`, error);
+                        logger.debug(() => `invokeServerTool: ERROR in OAuth case: ${error}`);
+                        logger.debug(() => `invokeServerTool: Error details:`, error);
                         throw error;
                     }
                 }
                 default:
-                    throw new Error(`Web search not supported in auth mode: ${this.authMode}`);
+                    throw new Error(`Web search not supported in auth mode: ${authMode}`);
             }
         }
         else if (toolName === 'web_fetch') {
+            // Check for abort before auth determination
+            if (_signal?.aborted) {
+                const error = new Error('Operation was aborted');
+                error.name = 'AbortError';
+                throw error;
+            }
             // Import the necessary modules dynamically
             const { GoogleGenAI } = await import('@google/genai');
             // Get the prompt directly without any processing
@@ -630,9 +691,15 @@ export class GeminiProvider extends BaseProvider {
             // Create the appropriate client based on auth mode
             const httpOptions = this.createHttpOptions();
             let genAI;
-            // Get authentication token lazily
-            const authToken = await this.determineBestAuth();
-            switch (this.authMode) {
+            // Get authentication token and mode lazily per call
+            const { authMode, token: authToken } = await this.determineBestAuth();
+            // Check for abort after auth determination
+            if (_signal?.aborted) {
+                const error = new Error('Operation was aborted');
+                error.name = 'AbortError';
+                throw error;
+            }
+            switch (authMode) {
                 case 'gemini-api-key': {
                     genAI = new GoogleGenAI({
                         apiKey: authToken,
@@ -690,7 +757,7 @@ export class GeminiProvider extends BaseProvider {
                 }
                 case 'oauth': {
                     // For OAuth, use the code assist content generator
-                    const oauthContentGenerator = await createCodeAssistContentGenerator(httpOptions, AuthType.LOGIN_WITH_GOOGLE, this.globalConfig);
+                    const oauthContentGenerator = await this.createOAuthContentGenerator(httpOptions, this.globalConfig, this.getBaseURL());
                     // For web fetch, always use gemini-2.5-flash regardless of the active model
                     const oauthRequest = {
                         model: 'gemini-2.5-flash',
@@ -709,7 +776,7 @@ export class GeminiProvider extends BaseProvider {
                     return result;
                 }
                 default:
-                    throw new Error(`Web fetch not supported in auth mode: ${this.authMode}`);
+                    throw new Error(`Web fetch not supported in auth mode: ${authMode}`);
             }
         }
         else {
@@ -717,32 +784,18 @@ export class GeminiProvider extends BaseProvider {
         }
     }
     /**
-     * Generate chat completion with IContent interface
-     * Direct implementation for Gemini API with IContent interface
+     * @plan:PLAN-20251023-STATELESS-HARDENING.P08
+     * @requirement:REQ-SP4-002, REQ-SP4-003
+     * Generate chat completion using per-call resolution of auth, model, and params
+     * All state comes from NormalizedGenerateChatOptions, no instance caching
      */
-    async *generateChatCompletion(content, tools, signal, _toolFormat) {
-        // First critical AbortSignal check for generateChatCompletion
-        if (signal?.aborted) {
-            const error = new Error('Operation was aborted');
-            error.name = 'AbortError';
-            throw error;
-        }
-        // AbortSignal check before auth
-        if (signal?.aborted) {
-            const error = new Error('Operation was aborted');
-            error.name = 'AbortError';
-            throw error;
-        }
-        // Determine best auth method
-        const authToken = await this.determineBestAuth();
-        // AbortSignal check after auth
-        if (signal?.aborted) {
-            const error = new Error('Operation was aborted');
-            error.name = 'AbortError';
-            throw error;
-        }
-        // Import necessary modules
-        const { GoogleGenAI } = await import('@google/genai');
+    async *generateChatCompletionWithOptions(options) {
+        const streamingEnabled = this.getStreamingPreference(options);
+        const { contents: content, tools } = options;
+        // Determine best auth method per call - no state storage
+        const { authMode, token: authToken } = await this.determineBestAuth();
+        // Model is resolved from options.resolved.model - no instance caching
+        const currentModel = options.resolved.model;
         // Convert IContent directly to Gemini format
         const contents = [];
         for (const c of content) {
@@ -824,116 +877,27 @@ export class GeminiProvider extends BaseProvider {
                 }),
             }))
             : undefined;
-        const flattenedToolNames = tools?.flatMap((group) => group.functionDeclarations
-            .map((decl) => decl.name)
-            .filter((name) => !!name)) ?? [];
-        const toolNamesArg = tools === undefined ? undefined : Array.from(new Set(flattenedToolNames));
+        const toolNamesForPrompt = tools === undefined
+            ? undefined
+            : Array.from(new Set(tools.flatMap((group) => group.functionDeclarations
+                .map((decl) => decl.name)
+                .filter((name) => Boolean(name)))));
+        const serverTools = ['web_search', 'web_fetch'];
+        // @plan:PLAN-20251023-STATELESS-HARDENING.P08 @requirement:REQ-SP4-003
+        // Get model params per call from ephemeral settings, not cached instance state
+        const requestOverrides = options.invocation?.ephemerals ?? {};
+        const requestConfig = {
+            serverTools,
+            ...(requestOverrides ?? {}),
+        };
+        if (geminiTools) {
+            requestConfig.tools = geminiTools;
+        }
         // Create appropriate client and generate content
+        const baseURL = options.resolved.baseURL ?? this.getBaseURL();
         const httpOptions = this.createHttpOptions();
-        const { maxAttempts, initialDelayMs } = this.getRetryConfig();
-        const stream = await retryWithBackoff(async () => {
-            // AbortSignal check before client creation
-            if (signal?.aborted) {
-                const error = new Error('Operation was aborted');
-                error.name = 'AbortError';
-                throw error;
-            }
-            if (this.authMode === 'oauth') {
-                // OAuth mode
-                const configForOAuth = this.globalConfig || {
-                    getProxy: () => undefined,
-                    isBrowserLaunchSuppressed: () => false,
-                    getNoBrowser: () => false,
-                    getUserMemory: () => '',
-                };
-                const contentGenerator = await createCodeAssistContentGenerator(httpOptions, AuthType.LOGIN_WITH_GOOGLE, configForOAuth, this.getBaseURL());
-                const userMemory = this.globalConfig?.getUserMemory
-                    ? this.globalConfig.getUserMemory()
-                    : '';
-                const systemInstruction = await getCoreSystemPromptAsync(userMemory, this.currentModel, toolNamesArg);
-                // For OAuth/CodeAssist mode, inject system prompt as first user message
-                // This ensures the CodeAssist endpoint receives the full context
-                // Similar to how AnthropicProvider handles OAuth mode
-                const contentsWithSystemPrompt = [
-                    {
-                        role: 'user',
-                        parts: [
-                            {
-                                text: `<system>\n${systemInstruction}\n</system>\n\nUser provided conversation begins here:`,
-                            },
-                        ],
-                    },
-                    ...contents,
-                ];
-                // Streaming request abort check
-                if (signal?.aborted) {
-                    const error = new Error('Operation was aborted');
-                    error.name = 'AbortError';
-                    throw error;
-                }
-                const request = {
-                    model: this.currentModel,
-                    contents: contentsWithSystemPrompt,
-                    // Still pass systemInstruction for SDK compatibility
-                    systemInstruction,
-                    config: {
-                        tools: geminiTools,
-                        ...this.modelParams,
-                    },
-                };
-                return await contentGenerator.generateContentStream(request, 'oauth-session');
-            }
-            else {
-                // API key mode
-                // AbortSignal check before client creation
-                if (signal?.aborted) {
-                    const error = new Error('Operation was aborted');
-                    error.name = 'AbortError';
-                    throw error;
-                }
-                const genAI = new GoogleGenAI({
-                    apiKey: authToken,
-                    vertexai: this.authMode === 'vertex-ai',
-                    httpOptions: this.getBaseURL()
-                        ? { ...httpOptions, baseUrl: this.getBaseURL() }
-                        : httpOptions,
-                });
-                const contentGenerator = genAI.models;
-                const userMemory = this.globalConfig?.getUserMemory
-                    ? this.globalConfig.getUserMemory()
-                    : '';
-                const systemInstruction = await getCoreSystemPromptAsync(userMemory, this.currentModel, toolNamesArg);
-                // Streaming request abort check
-                if (signal?.aborted) {
-                    const error = new Error('Operation was aborted');
-                    error.name = 'AbortError';
-                    throw error;
-                }
-                const request = {
-                    model: this.currentModel,
-                    contents,
-                    systemInstruction,
-                    config: {
-                        tools: geminiTools,
-                        ...this.modelParams,
-                    },
-                };
-                return await contentGenerator.generateContentStream(request);
-            }
-        }, {
-            maxAttempts,
-            initialDelayMs,
-            shouldRetry: this.shouldRetryGeminiResponse.bind(this),
-            trackThrottleWaitTime: this.throttleTracker,
-        });
-        // Stream responses as IContent
-        for await (const response of stream) {
-            // Critical streaming loop abort check
-            if (signal?.aborted) {
-                const error = new Error('Operation was aborted');
-                error.name = 'AbortError';
-                throw error;
-            }
+        const mapResponseToChunks = (response) => {
+            const chunks = [];
             const text = response.candidates?.[0]?.content?.parts
                 ?.filter((part) => 'text' in part)
                 ?.map((part) => part.text)
@@ -941,15 +905,12 @@ export class GeminiProvider extends BaseProvider {
             const functionCalls = response.candidates?.[0]?.content?.parts
                 ?.filter((part) => 'functionCall' in part)
                 ?.map((part) => part.functionCall) || [];
-            // Extract usage metadata from response
             const usageMetadata = response.usageMetadata;
-            // Yield text if present
             if (text) {
                 const textContent = {
                     speaker: 'ai',
                     blocks: [{ type: 'text', text }],
                 };
-                // Add usage metadata if present
                 if (usageMetadata) {
                     textContent.metadata = {
                         usage: {
@@ -961,9 +922,8 @@ export class GeminiProvider extends BaseProvider {
                         },
                     };
                 }
-                yield textContent;
+                chunks.push(textContent);
             }
-            // Yield tool calls if present
             if (functionCalls.length > 0) {
                 const blocks = functionCalls.map((call) => ({
                     type: 'tool_call',
@@ -976,7 +936,6 @@ export class GeminiProvider extends BaseProvider {
                     speaker: 'ai',
                     blocks,
                 };
-                // Add usage metadata if present
                 if (usageMetadata) {
                     toolCallContent.metadata = {
                         usage: {
@@ -988,11 +947,10 @@ export class GeminiProvider extends BaseProvider {
                         },
                     };
                 }
-                yield toolCallContent;
+                chunks.push(toolCallContent);
             }
-            // If we have usage metadata but no content blocks, emit a metadata-only response
             if (usageMetadata && !text && functionCalls.length === 0) {
-                yield {
+                chunks.push({
                     speaker: 'ai',
                     blocks: [],
                     metadata: {
@@ -1004,27 +962,144 @@ export class GeminiProvider extends BaseProvider {
                                     (usageMetadata.candidatesTokenCount || 0),
                         },
                     },
+                });
+            }
+            if (!usageMetadata && !text && functionCalls.length === 0) {
+                chunks.push({
+                    speaker: 'ai',
+                    blocks: [],
+                });
+            }
+            return chunks;
+        };
+        let stream = null;
+        let emitted = false;
+        // @plan:PLAN-20251023-STATELESS-HARDENING.P08 @requirement:REQ-SP4-002
+        // No caching - create client per call based on resolved authMode
+        if (authMode === 'oauth') {
+            const configForOAuth = this.globalConfig || {
+                getProxy: () => undefined,
+                isBrowserLaunchSuppressed: () => false,
+                getNoBrowser: () => false,
+                getUserMemory: () => '',
+            };
+            // Create OAuth content generator per call - no caching
+            const contentGenerator = await this.createOAuthContentGenerator(httpOptions, configForOAuth, baseURL);
+            const userMemory = this.globalConfig?.getUserMemory
+                ? this.globalConfig.getUserMemory()
+                : '';
+            const systemInstruction = await getCoreSystemPromptAsync(userMemory, currentModel, toolNamesForPrompt);
+            const contentsWithSystemPrompt = [
+                {
+                    role: 'user',
+                    parts: [
+                        {
+                            text: `<system>\n${systemInstruction}\n</system>\n\nUser provided conversation begins here:`,
+                        },
+                    ],
+                },
+                ...contents,
+            ];
+            const oauthConfig = { ...requestConfig };
+            const oauthRequest = {
+                model: currentModel,
+                contents: contentsWithSystemPrompt,
+                systemInstruction,
+                config: oauthConfig,
+            };
+            // Use runtime metadata from options for session ID
+            const runtimeId = options.runtime?.runtimeId || 'default';
+            const sessionId = `oauth-session:${runtimeId}:${Math.random()
+                .toString(36)
+                .slice(2)}`;
+            const generatorWithStream = contentGenerator;
+            if (!streamingEnabled && generatorWithStream.generateContent) {
+                const response = await generatorWithStream.generateContent(oauthRequest, sessionId);
+                let yielded = false;
+                for (const chunk of mapResponseToChunks(response)) {
+                    yielded = true;
+                    yield chunk;
+                }
+                if (!yielded) {
+                    yield { speaker: 'ai', blocks: [] };
+                }
+                return;
+            }
+            const oauthStream = await generatorWithStream.generateContentStream(oauthRequest, sessionId);
+            stream = oauthStream;
+            if (streamingEnabled) {
+                emitted = true;
+                yield {
+                    speaker: 'ai',
+                    blocks: [],
+                    metadata: {
+                        session: sessionId,
+                        runtime: runtimeId,
+                        authMode: 'oauth',
+                    },
                 };
             }
         }
-    }
-    getRetryConfig() {
-        const ephemeralSettings = this.providerConfig?.getEphemeralSettings?.() || {};
-        const maxAttempts = ephemeralSettings['retries'] ?? 6;
-        const initialDelayMs = ephemeralSettings['retrywait'] ?? 4000;
-        return { maxAttempts, initialDelayMs };
-    }
-    shouldRetryGeminiResponse(error) {
-        const status = getErrorStatus(error);
-        if (status === 429 || (status && status >= 500 && status < 600)) {
-            this.logger.debug(() => `Will retry Gemini request due to status ${status}`);
-            return true;
+        else {
+            // @plan:PLAN-20251023-STATELESS-HARDENING.P08 @requirement:REQ-SP4-002
+            // Create Google GenAI client per call - no caching
+            const { GoogleGenAI } = await import('@google/genai');
+            const genAI = new GoogleGenAI({
+                apiKey: authToken,
+                vertexai: authMode === 'vertex-ai',
+                httpOptions: baseURL
+                    ? { ...httpOptions, baseUrl: baseURL }
+                    : httpOptions,
+            });
+            const contentGenerator = genAI.models;
+            const userMemory = this.globalConfig?.getUserMemory
+                ? this.globalConfig.getUserMemory()
+                : '';
+            const systemInstruction = await getCoreSystemPromptAsync(userMemory, currentModel, toolNamesForPrompt);
+            const apiRequest = {
+                model: currentModel,
+                contents,
+                systemInstruction,
+                config: { ...requestConfig },
+            };
+            if (streamingEnabled) {
+                stream = await contentGenerator.generateContentStream(apiRequest);
+            }
+            else {
+                const response = await contentGenerator.generateContent(apiRequest);
+                let yielded = false;
+                for (const chunk of mapResponseToChunks(response)) {
+                    yielded = true;
+                    yield chunk;
+                }
+                if (!yielded) {
+                    yield { speaker: 'ai', blocks: [] };
+                }
+                return;
+            }
         }
-        if (isNetworkTransientError(error)) {
-            this.logger.debug(() => 'Will retry Gemini request due to transient network error signature.');
-            return true;
+        if (stream) {
+            const iterator = typeof stream[Symbol.asyncIterator] === 'function'
+                ? stream[Symbol.asyncIterator]()
+                : stream;
+            while (true) {
+                const { value, done } = await iterator.next();
+                if (done) {
+                    break;
+                }
+                const mapped = mapResponseToChunks(value);
+                if (mapped.length === 0) {
+                    continue;
+                }
+                emitted = true;
+                for (const chunk of mapped) {
+                    yield chunk;
+                }
+            }
+        }
+        if (!emitted) {
+            yield { speaker: 'ai', blocks: [] };
         }
-        return false;
     }
 }
 //# sourceMappingURL=GeminiProvider.js.map