@zhijiewang/openharness 2.11.0 → 2.13.0

package/dist/mcp/transport.js

@@ -1,4 +1,5 @@
 import { createRequire } from "node:module";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
@@ -9,7 +10,7 @@ export class RemoteAuthRequiredError extends Error {
     wwwAuthenticate;
     constructor(serverName, wwwAuthenticate) {
         super(`MCP server '${serverName}' requires authentication. ` +
-            `Add headers.Authorization to your config (OAuth flow is not yet supported).`);
+            `Add 'auth: oauth' to enable the OAuth 2.1 flow, or set headers.Authorization for a static bearer token.`);
         this.name = "RemoteAuthRequiredError";
         this.serverName = serverName;
         this.wwwAuthenticate = wwwAuthenticate;
@@ -41,7 +42,7 @@ export class ProtocolError extends Error {
  * Construct an SDK Transport for a normalized config.
  * Does NOT call .start() — caller (Client.connect) handles that.
  */
-export async function buildTransport(cfg) {
+export async function buildTransport(cfg, opts = {}) {
     if (cfg.type === "stdio") {
         return new StdioClientTransport({
             command: cfg.command,
@@ -52,11 +53,13 @@ export async function buildTransport(cfg) {
     if (cfg.type === "http") {
         return new StreamableHTTPClientTransport(new URL(cfg.url), {
             requestInit: cfg.headers ? { headers: cfg.headers } : undefined,
+            authProvider: opts.authProvider,
         });
     }
     if (cfg.type === "sse") {
         return new SSEClientTransport(new URL(cfg.url), {
             requestInit: cfg.headers ? { headers: cfg.headers } : undefined,
+            authProvider: opts.authProvider,
         });
     }
     throw new Error(`unknown transport type: ${cfg.type}`);
@@ -112,7 +115,6 @@ export async function connectWithFallback(cfg, doConnect) {
         if (!isFallbackCandidate(err))
             throw err;
         // Log + retry
-        // biome-ignore lint/suspicious/noConsole: user-facing diagnostic
         console.warn(`[mcp] ${cfg.name}: Streamable HTTP failed (${err.message}); trying legacy SSE`);
         const sseCfg = { ...cfg, type: "sse" };
         return await doConnect(sseCfg);
@@ -120,25 +122,87 @@ export async function connectWithFallback(cfg, doConnect) {
 }
 const DEFAULT_TIMEOUT_MS = 5_000;
 const CLIENT_INFO = { name: "openharness", version: pkg.version };
+/** Duck-type check: does this provider expose awaitCallback (our OhOAuthProvider)? */
+function hasAwaitCallback(p) {
+    return typeof p.awaitCallback === "function";
+}
 /**
  * Build a connected SDK Client for a normalized config.
  * Maps connect-time errors into OH's typed error taxonomy.
+ *
+ * When the auth provider exposes `awaitCallback()` (i.e. OhOAuthProvider), this
+ * function handles the full OAuth callback → finishAuth → reconnect loop so callers
+ * don't need to orchestrate it manually.
  */
-export async function buildClient(cfg) {
-    const transport = await buildTransport(cfg);
+export async function buildClient(cfg, opts = {}) {
+    const transport = await buildTransport(cfg, opts);
     const client = new Client(CLIENT_INFO, { capabilities: {} });
     const timeoutMs = cfg.timeout ?? DEFAULT_TIMEOUT_MS;
-    let timer = null;
+    async function tryConnect() {
+        let timer = null;
+        try {
+            await Promise.race([
+                client.connect(transport),
+                new Promise((_, reject) => {
+                    timer = setTimeout(() => reject(new Error(`init timeout after ${timeoutMs}ms`)), timeoutMs);
+                }),
+            ]);
+        }
+        finally {
+            if (timer !== null)
+                clearTimeout(timer);
+        }
+    }
     try {
-        await Promise.race([
-            client.connect(transport),
-            new Promise((_, reject) => {
-                timer = setTimeout(() => reject(new Error(`init timeout after ${timeoutMs}ms`)), timeoutMs);
-            }),
-        ]);
+        await tryConnect();
         return client;
     }
     catch (err) {
+        // If the SDK requires a browser-based OAuth flow (UnauthorizedError after REDIRECT),
+        // and our provider knows how to await the callback, complete the loop here.
+        // Per the SDK design, after finishAuth we must create a fresh transport + client
+        // because the original transport is already in a "started" state.
+        if (err instanceof UnauthorizedError && opts.authProvider && hasAwaitCallback(opts.authProvider)) {
+            try {
+                const { code } = await opts.authProvider.awaitCallback();
+                await transport.finishAuth(code);
+                // Close the old transport before constructing a fresh one — the SDK's
+                // Transport is one-shot after an UnauthorizedError; leaving it open leaks
+                // the underlying TCP socket / event stream.
+                try {
+                    await transport.close?.();
+                }
+                catch {
+                    // best-effort
+                }
+                // Build a fresh transport + client for the authenticated retry
+                const freshTransport = await buildTransport(cfg, opts);
+                const freshClient = new Client(CLIENT_INFO, { capabilities: {} });
+                let freshTimer = null;
+                try {
+                    await Promise.race([
+                        freshClient.connect(freshTransport),
+                        new Promise((_, reject) => {
+                            freshTimer = setTimeout(() => reject(new Error(`init timeout after ${timeoutMs}ms`)), timeoutMs);
+                        }),
+                    ]);
+                }
+                finally {
+                    if (freshTimer !== null)
+                        clearTimeout(freshTimer);
+                }
+                return freshClient;
+            }
+            catch (oauthErr) {
+                // Classify the retry error the same way as the primary path
+                if (oauthErr instanceof RemoteAuthRequiredError ||
+                    oauthErr instanceof UnreachableError ||
+                    oauthErr instanceof ProtocolError) {
+                    throw oauthErr;
+                }
+                throw new ProtocolError(cfg.name, oauthErr);
+            }
+        }
         // Leave RemoteAuthRequiredError / UnreachableError / ProtocolError as-is
         if (err instanceof RemoteAuthRequiredError || err instanceof UnreachableError || err instanceof ProtocolError) {
             throw err;
@@ -151,9 +215,5 @@ export async function buildClient(cfg) {
         // Otherwise protocol-shaped
         throw new ProtocolError(cfg.name, err);
     }
-    finally {
-        if (timer !== null)
-            clearTimeout(timer);
-    }
 }
 //# sourceMappingURL=transport.js.map

package/dist/providers/fallback.js

@@ -33,20 +33,26 @@ export function createFallbackProvider(primary, fallbacks) {
             ];
             for (let i = 0; i < providers.length; i++) {
                 const p = providers[i];
+                let hasYielded = false;
                 try {
-                    let _hasYielded = false;
                     for await (const event of p.provider.stream(messages, systemPrompt, tools, p.model)) {
-                        _hasYielded = true;
+                        hasYielded = true;
                         yield event;
                     }
-                    _activeFallback = i === 0 ? null : p.provider.name;
+                    if (i > 0) {
+                        console.warn(`[provider] fell back from ${primary.name} to ${p.provider.name}`);
+                        _activeFallback = p.provider.name;
+                    }
+                    else {
+                        _activeFallback = null;
+                    }
                     return;
                 }
                 catch (err) {
-                    // Mid-stream failure: can't un-send events, propagate error
-                    if (i > 0 || !isRetriableError(err))
+                    // Mid-stream failure OR non-retriable OR fallback error: propagate.
+                    if (i > 0 || !isRetriableError(err) || hasYielded)
                         throw err;
-                    // Pre-stream failure on primary: try next provider
+                    // Pre-stream retriable failure on primary only: try next provider.
                     _activeFallback = null;
                 }
             }
@@ -63,7 +69,13 @@ export function createFallbackProvider(primary, fallbacks) {
                 const p = providers[i];
                 try {
                     const result = await p.provider.complete(messages, systemPrompt, tools, p.model);
-                    _activeFallback = i === 0 ? null : p.provider.name;
+                    if (i > 0) {
+                        console.warn(`[provider] fell back from ${primary.name} to ${p.provider.name}`);
+                        _activeFallback = p.provider.name;
+                    }
+                    else {
+                        _activeFallback = null;
+                    }
                     return result;
                 }
                 catch (err) {

package/dist/providers/index.js

@@ -1,7 +1,9 @@
 /**
  * Provider factory — create the right provider from a model string.
  */
+import { readOhConfig } from "../harness/config.js";
 import { AnthropicProvider } from "./anthropic.js";
+import { createFallbackProvider } from "./fallback.js";
 import { LlamaCppProvider } from "./llamacpp.js";
 import { OllamaProvider } from "./ollama.js";
 import { OpenAIProvider } from "./openai.js";
@@ -29,8 +31,22 @@ export async function createProvider(modelArg, overrides) {
         defaultModel: model,
         ...overrides,
     };
-    const provider = createProviderInstance(providerName, config);
-    return { provider, model };
+    const primary = createProviderInstance(providerName, config);
+    const fallbackCfgs = readOhConfig()?.fallbackProviders ?? [];
+    if (fallbackCfgs.length === 0) {
+        return { provider: primary, model };
+    }
+    const fallbacks = fallbackCfgs.map((fb) => ({
+        provider: createProviderInstance(fb.provider, {
+            name: fb.provider,
+            apiKey: fb.apiKey ?? process.env[`${fb.provider.toUpperCase()}_API_KEY`],
+            baseUrl: fb.baseUrl,
+            defaultModel: fb.model ?? model,
+        }),
+        model: fb.model,
+    }));
+    const wrapped = createFallbackProvider(primary, fallbacks);
+    return { provider: wrapped, model };
 }
 export { createProviderInstance, guessProviderFromModel };
 function createProviderInstance(name, config) {

package/dist/providers/router.d.ts

@@ -45,4 +45,8 @@ export declare class ModelRouter {
     /** Get all configured tiers */
     get tiers(): Record<ModelTier, string>;
 }
+/** Record the router's selection for a session. Keeps only the most recent 256 sessions. */
+export declare function recordRouteSelection(sessionId: string, result: RouteResult): void;
+/** Retrieve the most recent selection for a session, or undefined. */
+export declare function getRouteSelection(sessionId: string): RouteResult | undefined;
 //# sourceMappingURL=router.d.ts.map

package/dist/providers/router.js

@@ -58,4 +58,23 @@ export class ModelRouter {
         };
     }
 }
+const ROUTE_SELECTION_CAP = 256;
+const routeSelections = new Map();
+/** Record the router's selection for a session. Keeps only the most recent 256 sessions. */
+export function recordRouteSelection(sessionId, result) {
+    // Map preserves insertion order. Delete-then-set moves the key to the end,
+    // so oldest is always keys().next().
+    if (routeSelections.has(sessionId))
+        routeSelections.delete(sessionId);
+    routeSelections.set(sessionId, result);
+    if (routeSelections.size > ROUTE_SELECTION_CAP) {
+        const oldest = routeSelections.keys().next().value;
+        if (oldest !== undefined)
+            routeSelections.delete(oldest);
+    }
+}
+/** Retrieve the most recent selection for a session, or undefined. */
+export function getRouteSelection(sessionId) {
+    return routeSelections.get(sessionId);
+}
 //# sourceMappingURL=router.js.map

package/dist/query/index.js

@@ -8,7 +8,9 @@
  * - types.ts — shared types
  */
 import { DeferredTool } from "../DeferredTool.js";
+import { readOhConfig } from "../harness/config.js";
 import { getContextWindow } from "../harness/cost.js";
+import { ModelRouter } from "../providers/router.js";
 import { StreamingToolExecutor } from "../services/StreamingToolExecutor.js";
 import { toolToAPIFormat } from "../Tool.js";
 import { createAssistantMessage, createToolResultMessage, createUserMessage } from "../types/message.js";
@@ -18,8 +20,27 @@ import { isNetworkError, isOverloadError, isPromptTooLongError, isRateLimitError
 import { executeToolCalls } from "./tools.js";
 export { compressMessages } from "./compress.js";
 const DEFAULT_MAX_TURNS = 50;
+/** Rough context-usage estimate in [0, 1]. Returns undefined when tokenization is unavailable. */
+function estimateRouteContextUsage(messages, provider, model) {
+    const estimate = provider.estimateTokens?.bind(provider);
+    if (!estimate)
+        return undefined;
+    const info = provider.getModelInfo?.(model);
+    const window = info?.contextWindow;
+    if (!window || window <= 0)
+        return undefined;
+    let total = 0;
+    for (const m of messages) {
+        if (typeof m.content === "string")
+            total += estimate(m.content);
+        // Non-string content (tool calls etc.) is skipped — rough estimate only.
+    }
+    return Math.min(1, total / window);
+}
 export async function* query(userMessage, config, existingMessages = []) {
     const maxTurns = config.maxTurns ?? DEFAULT_MAX_TURNS;
+    const routerCfg = readOhConfig()?.modelRouter ?? {};
+    const router = new ModelRouter(routerCfg, config.model ?? "");
     const toolContext = {
         workingDir: config.workingDir ?? process.cwd(),
         abortSignal: config.abortSignal,
@@ -160,7 +181,16 @@ export async function* query(userMessage, config, existingMessages = []) {
         let streamError = null;
         const streamingExecutor = new StreamingToolExecutor(config.tools, toolContext, config.permissionMode, config.askUser, config.abortSignal);
         try {
-            for await (const event of config.provider.stream(state.messages, turnPrompt, apiTools, config.model)) {
+            const ctxUsage = estimateRouteContextUsage(state.messages, config.provider, config.model ?? "");
+            const selection = router.select({
+                turn: state.turn,
+                hadToolCalls: state.lastTurnHadTools ?? false,
+                toolCallCount: state.lastTurnToolCount ?? 0,
+                contextUsage: ctxUsage,
+                isFinalResponse: (state.lastTurnHadTools === false || state.lastTurnHadTools === undefined) && state.turn > 1,
+                role: config.role,
+            });
+            for await (const event of config.provider.stream(state.messages, turnPrompt, apiTools, selection.model)) {
                 if (config.abortSignal?.aborted)
                     break;
                 switch (event.type) {
@@ -283,6 +313,8 @@ export async function* query(userMessage, config, existingMessages = []) {
         if (remaining.length > 0) {
             yield* executeToolCalls(remaining, config.tools, toolContext, config.permissionMode, config.askUser, state);
         }
+        state.lastTurnHadTools = toolCalls.length > 0;
+        state.lastTurnToolCount = toolCalls.length;
         state.transition = "next_turn";
     }
     yield { type: "turn_complete", reason: "max_turns" };

package/dist/query/tools.js

@@ -2,7 +2,7 @@
  * Tool execution — permission checking, batching, output capping.
  */
 import { createCheckpoint, getAffectedFiles } from "../harness/checkpoints.js";
-import { emitHook } from "../harness/hooks.js";
+import { emitHook, emitHookWithOutcome } from "../harness/hooks.js";
 import { findToolByName } from "../Tool.js";
 import { createToolResultMessage } from "../types/message.js";
 import { checkPermission } from "../types/permissions.js";
@@ -45,9 +45,28 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
         if (perm.reason === "needs-approval" && askUser) {
             const { formatToolArgs } = await import("../utils/tool-summary.js");
             const description = formatToolArgs(tool.name, toolCall.arguments);
-            const allowed = await askUser(tool.name, description, tool.riskLevel);
-            if (!allowed) {
-                return { output: "Permission denied by user.", isError: true };
+            // Hook: permissionRequest — fires between preToolUse and the interactive askUser prompt.
+            // Only fires when checkPermission says "needs-approval" AND askUser is provided.
+            const hookOutcome = await emitHookWithOutcome("permissionRequest", {
+                toolName: tool.name,
+                toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
+                toolInputJson: JSON.stringify(parsed.data).slice(0, 1000),
+                permissionMode,
+                permissionAction: "ask",
+            });
+            if (hookOutcome.permissionDecision === "allow") {
+                // Hook granted permission — skip interactive prompt and proceed to execution.
+            }
+            else if (hookOutcome.permissionDecision === "deny" || !hookOutcome.allowed) {
+                const reason = hookOutcome.reason ? `: ${hookOutcome.reason}` : "";
+                return { output: `Permission denied by hook${reason}`, isError: true };
+            }
+            else {
+                // "ask" or no decision → fall through to interactive prompt
+                const allowed = await askUser(tool.name, description, tool.riskLevel);
+                if (!allowed) {
+                    return { output: "Permission denied by user.", isError: true };
+                }
             }
         }
         else {
@@ -79,12 +98,23 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                 toolAbort.addEventListener("abort", () => reject(new Error(`Tool '${tool.name}' timed out after ${TOOL_TIMEOUT_MS / 1000}s`)));
             }),
         ]);
-        // Hook: postToolUse
-        emitHook("postToolUse", {
-            toolName: tool.name,
-            toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
-            toolOutput: result.output.slice(0, 1000),
-        });
+        // Hook: postToolUse / postToolUseFailure (mutually exclusive — strict CC parity)
+        if (result.isError) {
+            emitHook("postToolUseFailure", {
+                toolName: tool.name,
+                toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
+                toolOutput: result.output.slice(0, 1000),
+                toolError: "ReportedError",
+                errorMessage: result.output.slice(0, 1000),
+            });
+        }
+        else {
+            emitHook("postToolUse", {
+                toolName: tool.name,
+                toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
+                toolOutput: result.output.slice(0, 1000),
+            });
+        }
         // Emit fileChanged hook for file-modifying tools
         if (!result.isError && ["Edit", "Write", "MultiEdit"].includes(tool.name)) {
             const filePaths = getAffectedFiles(tool.name, parsed.data);
@@ -141,7 +171,15 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
         return { output, isError: result.isError };
     }
     catch (err) {
-        return { output: `Tool error: ${err instanceof Error ? err.message : String(err)}`, isError: true };
+        const errMsg = err instanceof Error ? err.message : String(err);
+        const errName = err instanceof Error ? err.name : "ExecutionError";
+        emitHook("postToolUseFailure", {
+            toolName: tool.name,
+            toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
+            errorMessage: errMsg,
+            toolError: errName,
+        });
+        return { output: `Tool error: ${errMsg}`, isError: true };
     }
 }
 export async function* executeToolCalls(toolCalls, tools, context, permissionMode, askUser, state) {

package/dist/query/types.d.ts

@@ -20,6 +20,8 @@ export type QueryConfig = {
     workingDir?: string;
     /** Auto-commit after each file-modifying tool */
     gitCommitPerTool?: boolean;
+    /** For sub-agent invocations: the agent role name (feeds into the model router). */
+    role?: string;
 };
 export type TransitionReason = "next_turn" | "retry_network" | "retry_prompt_too_long" | "retry_max_output_tokens";
 export type QueryLoopState = {
@@ -33,5 +35,9 @@ export type QueryLoopState = {
     promptTooLongRetries?: number;
     /** Track consecutive compression failures for circuit breaker */
     compressionFailures?: number;
+    /** Whether the previous turn made any tool calls (feeds ModelRouter) */
+    lastTurnHadTools?: boolean;
+    /** Number of tool calls in the previous turn (feeds ModelRouter) */
+    lastTurnToolCount?: number;
 };
 //# sourceMappingURL=types.d.ts.map

package/dist/tools/AgentTool/index.js

@@ -99,7 +99,7 @@ export const AgentTool = {
             const runAgent = async () => {
                 let finalText = "";
                 try {
-                    for await (const event of query(input.prompt, config)) {
+                    for await (const event of query(input.prompt, { ...config, role: role?.id })) {
                         if (event.type === "text_delta")
                             finalText += event.content;
                     }
@@ -137,7 +137,7 @@ export const AgentTool = {
         let finalText = "";
         try {
             try {
-                for await (const event of query(input.prompt, config)) {
+                for await (const event of query(input.prompt, { ...config, role: role?.id })) {
                     if (event.type === "text_delta") {
                         finalText += event.content;
                     }

package/dist/tools/ScheduleWakeupTool/index.d.ts

@@ -5,12 +5,12 @@ declare const inputSchema: z.ZodObject<{
     reason: z.ZodString;
     prompt: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    prompt: string;
     reason: string;
+    prompt: string;
     delaySeconds: number;
 }, {
-    prompt: string;
     reason: string;
+    prompt: string;
     delaySeconds: number;
 }>;
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhijiewang/openharness",
-  "version": "2.11.0",
+  "version": "2.13.0",
   "description": "Open-source terminal coding agent. Works with any LLM.",
   "type": "module",
   "bin": {
@@ -44,6 +44,7 @@
     "ink-spinner": "^5.0.0",
     "ink-text-input": "^6.0.0",
     "marked": "^17.0.5",
+    "open": "^11.0.0",
     "react": "^18.3.1",
     "yaml": "^2.7.0",
     "zod": "^3.24.0"