@zhijiewang/openharness 2.21.0 → 2.22.0

package/dist/harness/api-key-helper.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Run the configured `apiKeyHelper` script and return its trimmed stdout as
+ * the API key (audit B8). Mirrors Claude Code's `apiKeyHelper`.
+ *
+ * Invocation:
+ *   - shell: true (so `helper-script.sh` and pipelines work without an explicit shell)
+ *   - 5s timeout (helper should be fast — it's invoked at credential-fetch time)
+ *   - OH_PROVIDER env var set so a single helper can dispatch by provider
+ *   - stderr captured and surfaced on failure
+ *
+ * Failure modes — all return undefined (caller falls through to legacy config):
+ *   - non-zero exit code
+ *   - timeout
+ *   - empty stdout
+ *   - spawn error (helper not found, permission denied, etc.)
+ *
+ * Failures are logged via `debug("config", ...)` so users can opt into
+ * visibility with `--debug config` without polluting normal output.
+ */
+export interface RunApiKeyHelperOptions {
+    /** Provider name passed to the helper as `OH_PROVIDER`. */
+    provider: string;
+    /** Spawn timeout in ms. Defaults to 5_000. */
+    timeoutMs?: number;
+}
+/**
+ * Execute `command` via the user's shell with `OH_PROVIDER` set, return the
+ * trimmed stdout on success, undefined on any failure. Pure side-effect-only —
+ * no caching here; resolveApiKey owns lifetime.
+ */
+export declare function runApiKeyHelper(command: string, opts: RunApiKeyHelperOptions): string | undefined;
+//# sourceMappingURL=api-key-helper.d.ts.map

package/dist/harness/api-key-helper.js

@@ -0,0 +1,70 @@
+/**
+ * Run the configured `apiKeyHelper` script and return its trimmed stdout as
+ * the API key (audit B8). Mirrors Claude Code's `apiKeyHelper`.
+ *
+ * Invocation:
+ *   - shell: true (so `helper-script.sh` and pipelines work without an explicit shell)
+ *   - 5s timeout (helper should be fast — it's invoked at credential-fetch time)
+ *   - OH_PROVIDER env var set so a single helper can dispatch by provider
+ *   - stderr captured and surfaced on failure
+ *
+ * Failure modes — all return undefined (caller falls through to legacy config):
+ *   - non-zero exit code
+ *   - timeout
+ *   - empty stdout
+ *   - spawn error (helper not found, permission denied, etc.)
+ *
+ * Failures are logged via `debug("config", ...)` so users can opt into
+ * visibility with `--debug config` without polluting normal output.
+ */
+import { spawnSync } from "node:child_process";
+import { debug } from "../utils/debug.js";
+/**
+ * Execute `command` via the user's shell with `OH_PROVIDER` set, return the
+ * trimmed stdout on success, undefined on any failure. Pure side-effect-only —
+ * no caching here; resolveApiKey owns lifetime.
+ */
+export function runApiKeyHelper(command, opts) {
+    const timeout = opts.timeoutMs ?? 5_000;
+    try {
+        const result = spawnSync(command, {
+            shell: true,
+            timeout,
+            stdio: ["ignore", "pipe", "pipe"],
+            env: { ...process.env, OH_PROVIDER: opts.provider },
+            encoding: "utf8",
+        });
+        if (result.error) {
+            debug("config", "apiKeyHelper spawn failed", { provider: opts.provider, err: result.error.message });
+            return undefined;
+        }
+        if (result.signal === "SIGTERM") {
+            debug("config", "apiKeyHelper timed out", { provider: opts.provider, timeoutMs: timeout });
+            return undefined;
+        }
+        if (result.status !== 0) {
+            const stderr = (result.stderr ?? "").toString().trim().slice(0, 500);
+            debug("config", "apiKeyHelper non-zero exit", {
+                provider: opts.provider,
+                exit: result.status,
+                stderr,
+            });
+            return undefined;
+        }
+        const out = (result.stdout ?? "").toString().trim();
+        if (!out) {
+            debug("config", "apiKeyHelper produced empty stdout", { provider: opts.provider });
+            return undefined;
+        }
+        debug("config", "apiKeyHelper resolved", { provider: opts.provider, length: out.length });
+        return out;
+    }
+    catch (err) {
+        debug("config", "apiKeyHelper threw", {
+            provider: opts.provider,
+            err: err instanceof Error ? err.message : String(err),
+        });
+        return undefined;
+    }
+}
+//# sourceMappingURL=api-key-helper.js.map

package/dist/harness/config.d.ts

@@ -80,6 +80,19 @@ export type HooksConfig = {
     worktreeCreate?: HookDef[];
     /** Fires after ExitWorktreeTool successfully removes a git worktree. */
     worktreeRemove?: HookDef[];
+    /**
+     * Fires when an MCP server issues an `elicitation/create` request — before
+     * any decision is made. Hook can return `permissionDecision: "allow"` to
+     * accept (sends `{action: "accept", content: {}}` to the server) or `"deny"`
+     * to decline. No decision falls through to the interactive handler (REPL)
+     * or, if absent, to a fail-safe `decline`.
+     */
+    elicitation?: HookDef[];
+    /**
+     * Fires after the elicitation response has been decided — symmetric to
+     * `elicitation`. Useful for audit trails that want the request/response pair.
+     */
+    elicitationResult?: HookDef[];
     /** Fires once per system-prompt build after CLAUDE.md / global-rules / project RULES.md / user profile have been concatenated. Useful for audit trails. */
     instructionsLoaded?: HookDef[];
 };
@@ -124,6 +137,18 @@ export type OhConfig = {
      * Claude Code's `disableAllHooks` setting.
      */
     disableAllHooks?: boolean;
+    /**
+     * Script invoked at credential-fetch time to produce an API key on stdout.
+     * Avoids storing keys in plaintext config or the encrypted store. Inserted
+     * between the encrypted-store and legacy-config steps in `resolveApiKey`.
+     * Mirrors Claude Code's `apiKeyHelper`.
+     *
+     * The configured command runs through the user's shell with a 5s timeout;
+     * stderr is captured and surfaced on failure. The provider name is passed
+     * via the `OH_PROVIDER` env var so a single helper can dispatch by provider
+     * (`if [ "$OH_PROVIDER" = "anthropic" ]; then ... fi`).
+     */
+    apiKeyHelper?: string;
     toolPermissions?: ToolPermissionRule[];
     statusLineFormat?: string;
     /** Verification loops — auto-run lint/typecheck after file edits */

package/dist/harness/credentials.d.ts

@@ -15,10 +15,12 @@ export declare function deleteCredential(key: string): void;
 /** List credential keys (not values) */
 export declare function listCredentials(): string[];
 /**
- * Get API key for a provider, checking:
- * 1. Environment variable (highest priority)
- * 2. Encrypted credential store
- * 3. Config file (legacy plaintext, with migration prompt)
+ * Get API key for a provider, checking in priority order:
+ *   1. Environment variable
+ *   2. Encrypted credential store
+ *   3. `apiKeyHelper` config script (audit B8) — runs the configured command
+ *      with `OH_PROVIDER` set; trimmed stdout is the key. Failures fall through.
+ *   4. Config file (legacy plaintext, with migration into the encrypted store)
  */
 export declare function resolveApiKey(provider: string, configApiKey?: string): string | undefined;
 //# sourceMappingURL=credentials.d.ts.map

package/dist/harness/credentials.js

@@ -10,6 +10,8 @@ import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir, hostname, userInfo } from "node:os";
 import { join } from "node:path";
+import { runApiKeyHelper } from "./api-key-helper.js";
+import { readOhConfig } from "./config.js";
 const CRED_DIR = join(homedir(), ".oh");
 const CRED_PATH = join(CRED_DIR, "credentials.enc");
 const ALGORITHM = "aes-256-gcm";
@@ -74,10 +76,12 @@ export function listCredentials() {
     return Object.keys(loadStore());
 }
 /**
- * Get API key for a provider, checking:
- * 1. Environment variable (highest priority)
- * 2. Encrypted credential store
- * 3. Config file (legacy plaintext, with migration prompt)
+ * Get API key for a provider, checking in priority order:
+ *   1. Environment variable
+ *   2. Encrypted credential store
+ *   3. `apiKeyHelper` config script (audit B8) — runs the configured command
+ *      with `OH_PROVIDER` set; trimmed stdout is the key. Failures fall through.
+ *   4. Config file (legacy plaintext, with migration into the encrypted store)
  */
 export function resolveApiKey(provider, configApiKey) {
     // Environment variable names by provider
@@ -93,6 +97,13 @@ export function resolveApiKey(provider, configApiKey) {
     const stored = getCredential(`${provider}-api-key`);
     if (stored)
         return stored;
+    // apiKeyHelper script — let users plug in 1Password / pass / vault / etc.
+    const cfg = readOhConfig();
+    if (cfg?.apiKeyHelper) {
+        const fromHelper = runApiKeyHelper(cfg.apiKeyHelper, { provider });
+        if (fromHelper)
+            return fromHelper;
+    }
     // Legacy config (migrate on use)
     if (configApiKey) {
         // Auto-migrate to encrypted store

package/dist/harness/hooks.d.ts

@@ -10,7 +10,7 @@
  * - prompt: LLM yes/no check via provider.complete()
  */
 import type { HookDef, HooksConfig } from "./config.js";
-export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "postToolUseFailure" | "postToolBatch" | "userPromptSubmit" | "userPromptExpansion" | "permissionRequest" | "permissionDenied" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification" | "turnStart" | "turnStop" | "taskCreated" | "taskCompleted" | "worktreeCreate" | "worktreeRemove" | "instructionsLoaded";
+export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "postToolUseFailure" | "postToolBatch" | "userPromptSubmit" | "userPromptExpansion" | "permissionRequest" | "permissionDenied" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification" | "turnStart" | "turnStop" | "taskCreated" | "taskCompleted" | "worktreeCreate" | "worktreeRemove" | "elicitation" | "elicitationResult" | "instructionsLoaded";
 export type HookContext = {
     toolName?: string;
     toolArgs?: string;
@@ -66,6 +66,16 @@ export type HookContext = {
     worktreeParent?: string;
     /** For worktreeRemove: whether `force: true` was passed to skip the dirty-state check */
     worktreeForced?: string;
+    /** For elicitation/elicitationResult: the MCP server that issued the elicitation request */
+    elicitationServer?: string;
+    /** For elicitation/elicitationResult: human-readable message the server wants to show (capped at 500 chars) */
+    elicitationMessage?: string;
+    /** For elicitation: JSON-stringified `requestedSchema` from the server (capped at 2000 chars) */
+    elicitationSchema?: string;
+    /** For elicitationResult: the final action ("accept" | "decline" | "cancel") */
+    elicitationAction?: string;
+    /** For elicitationResult: JSON-stringified content payload returned to the server (when action="accept") */
+    elicitationContent?: string;
     /** For instructionsLoaded: count of rules concatenated (as a string for env-var parity) */
     rulesCount?: string;
     /** For instructionsLoaded: total character length of the loaded rules */

package/dist/harness/hooks.js

@@ -90,6 +90,16 @@ function buildEnv(event, ctx) {
         env.OH_WORKTREE_PARENT = ctx.worktreeParent;
     if (ctx.worktreeForced !== undefined)
         env.OH_WORKTREE_FORCED = ctx.worktreeForced;
+    if (ctx.elicitationServer !== undefined)
+        env.OH_ELICITATION_SERVER = ctx.elicitationServer;
+    if (ctx.elicitationMessage !== undefined)
+        env.OH_ELICITATION_MESSAGE = ctx.elicitationMessage;
+    if (ctx.elicitationSchema !== undefined)
+        env.OH_ELICITATION_SCHEMA = ctx.elicitationSchema;
+    if (ctx.elicitationAction !== undefined)
+        env.OH_ELICITATION_ACTION = ctx.elicitationAction;
+    if (ctx.elicitationContent !== undefined)
+        env.OH_ELICITATION_CONTENT = ctx.elicitationContent;
     return env;
 }
 /**

package/dist/main.js

@@ -207,6 +207,10 @@ program
     .option("--bare", "Skip optional startup work (project detection, plugins, memory, skills, MCP). System prompt is just the tool-use baseline. Useful for fast CI / SDK invocations.")
     .option("--debug [categories]", "Enable categorized debug logs to stderr. Pass comma-separated categories (e.g. 'mcp,hooks') or no value for all. Also reads OH_DEBUG.")
     .option("--debug-file <path>", "When --debug is set, append debug lines to this file instead of stderr.")
+    .option("--fallback-model <model>", "One-shot fallback model used when the primary fails with a retriable error (429/5xx/network/timeout). Format: provider/model or just model. REPLACES .oh/config.yaml fallbackProviders for this run. Mirrors Claude Code's --fallback-model.")
+    .option("--init", "Run the interactive `oh init` setup wizard before starting the command. Useful for first-run on a fresh project.")
+    .option("--init-only", "Run `oh init` and exit, without proceeding to the run/session.")
+    .option("--permission-prompt-tool <mcp_tool>", 'Delegate per-tool permission decisions to a configured MCP tool (e.g. "mcp__myperm__check"). The tool is invoked when a tool needs approval and no permission hook decided. Mirrors Claude Code\'s --permission-prompt-tool.')
     .action(async (promptArg, opts) => {
     configureDebug({
         categories: opts.debug,
@@ -214,6 +218,11 @@ program
     });
     const bare = opts.bare === true;
     debug("startup", "oh run", { bare, model: opts.model });
+    // --init / --init-only run the setup wizard before (or instead of) the
+    // actual run. --init-only exits after the wizard; --init falls through.
+    if (opts.init === true || opts.initOnly === true) {
+        await runInitWizard({ exitOnDone: opts.initOnly === true });
+    }
     // Read from stdin if prompt is "-" or omitted and stdin is not a TTY
     let prompt;
     if (!promptArg || promptArg === "-" || !process.stdin.isTTY) {
@@ -248,7 +257,7 @@ program
         overrides.apiKey = savedConfig.apiKey;
     if (savedConfig?.baseUrl)
         overrides.baseUrl = savedConfig.baseUrl;
-    const { provider, model } = await createProvider(effectiveModel, Object.keys(overrides).length ? overrides : undefined);
+    const { provider, model } = await createProvider(effectiveModel, Object.keys(overrides).length ? overrides : undefined, opts.fallbackModel ? { fallbackModel: opts.fallbackModel } : {});
     const { query } = await import("./query.js");
     // Tool list = built-ins + MCP server tools (project config + --mcp-config).
     // Previously oh run skipped MCP entirely, which silently broke the SDK
@@ -294,6 +303,7 @@ program
         maxTurns: parseInt(opts.maxTurns, 10),
         model,
         ...(opts.maxBudgetUsd !== undefined ? { maxCost: parseMaxBudgetUsdOrExit(opts.maxBudgetUsd) } : {}),
+        ...(opts.permissionPromptTool ? { permissionPromptTool: opts.permissionPromptTool } : {}),
     };
     const outputFormat = opts.json ? "json" : (opts.outputFormat ?? "text");
     let fullOutput = "";
@@ -469,6 +479,10 @@ program
     .option("--bare", "Skip optional startup work (project detection, plugins, memory, skills, MCP). System prompt is just the tool-use baseline.")
     .option("--debug [categories]", "Enable categorized debug logs to stderr. Pass comma-separated categories (e.g. 'mcp,hooks') or no value for all. Also reads OH_DEBUG.")
     .option("--debug-file <path>", "When --debug is set, append debug lines to this file instead of stderr.")
+    .option("--fallback-model <model>", "One-shot fallback model used when the primary fails with a retriable error. Format: provider/model or just model. REPLACES .oh/config.yaml fallbackProviders for this run.")
+    .option("--init", "Run the interactive setup wizard before starting the session.")
+    .option("--init-only", "Run `oh init` and exit, without proceeding to the session.")
+    .option("--permission-prompt-tool <mcp_tool>", 'Delegate per-tool permission decisions to a configured MCP tool (e.g. "mcp__myperm__check"). Invoked when a tool needs approval and no permission hook decided.')
     .action(async (opts) => {
     configureDebug({
         categories: opts.debug,
@@ -476,6 +490,9 @@ program
     });
     const bare = opts.bare === true;
     debug("startup", "oh session", { bare, model: opts.model });
+    if (opts.init === true || opts.initOnly === true) {
+        await runInitWizard({ exitOnDone: opts.initOnly === true });
+    }
     const settingSources = parseSettingSources(opts.settingSources);
     const savedConfig = readOhConfig(undefined, settingSources);
     const permissionMode = (opts.permissionMode ??
@@ -488,7 +505,7 @@ program
         overrides.apiKey = savedConfig.apiKey;
     if (savedConfig?.baseUrl)
         overrides.baseUrl = savedConfig.baseUrl;
-    const { provider, model } = await createProvider(effectiveModel, Object.keys(overrides).length ? overrides : undefined);
+    const { provider, model } = await createProvider(effectiveModel, Object.keys(overrides).length ? overrides : undefined, opts.fallbackModel ? { fallbackModel: opts.fallbackModel } : {});
     const { query } = await import("./query.js");
     const { createAssistantMessage, createToolResultMessage, createUserMessage } = await import("./types/message.js");
     // Tool list = built-ins + MCP server tools (project config + --mcp-config).
@@ -532,6 +549,7 @@ program
         maxTurns: parseInt(opts.maxTurns, 10),
         model,
         ...(opts.maxBudgetUsd !== undefined ? { maxCost: parseMaxBudgetUsdOrExit(opts.maxBudgetUsd) } : {}),
+        ...(opts.permissionPromptTool ? { permissionPromptTool: opts.permissionPromptTool } : {}),
     };
     // Conversation history, shared across all prompts for this process.
     // Seeded from a prior session when --resume <id> is passed; otherwise a
@@ -706,6 +724,9 @@ program
     .option("--bare", "Skip optional startup work (project detection, plugins, memory, skills, MCP). System prompt is just the tool-use baseline.")
     .option("--debug [categories]", "Enable categorized debug logs to stderr. Pass comma-separated categories (e.g. 'mcp,hooks') or no value for all. Also reads OH_DEBUG.")
     .option("--debug-file <path>", "When --debug is set, append debug lines to this file instead of stderr.")
+    .option("--fallback-model <model>", "One-shot fallback model used when the primary fails with a retriable error. Format: provider/model or just model. REPLACES .oh/config.yaml fallbackProviders for this run.")
+    .option("--init", "Run the interactive setup wizard before starting the chat session.")
+    .option("--init-only", "Run `oh init` and exit, without proceeding to the chat session.")
     .action(async (opts) => {
     configureDebug({
         categories: opts.debug,
@@ -713,6 +734,9 @@ program
     });
     const bare = opts.bare === true;
     debug("startup", "oh chat", { bare, model: opts.model, print: !!opts.print });
+    if (opts.init === true || opts.initOnly === true) {
+        await runInitWizard({ exitOnDone: opts.initOnly === true });
+    }
     // Load saved config as defaults (env vars + CLI flags override)
     const savedConfig = readOhConfig();
     const effectiveModel = opts.model ?? savedConfig?.model;
@@ -737,7 +761,7 @@ program
         if (fresh?.baseUrl)
             overrides.baseUrl = fresh.baseUrl;
         const targetModel = fresh?.model ?? effectiveModel;
-        return createProvider(targetModel, Object.keys(overrides).length ? overrides : undefined);
+        return createProvider(targetModel, Object.keys(overrides).length ? overrides : undefined, opts.fallbackModel ? { fallbackModel: opts.fallbackModel } : {});
     };
     try {
         const result = await tryCreateProvider();
@@ -1054,11 +1078,17 @@ program
     }
     console.log();
 });
-// ── init ──
-program
-    .command("init")
-    .description("Initialize OpenHarness for the current project (interactive setup wizard)")
-    .action(async () => {
+/**
+ * Run the interactive setup wizard. Used by both the `oh init` subcommand and
+ * the `--init` / `--init-only` flag added to chat / run / session (audit B5).
+ *
+ * `exitOnDone` controls the wizard's `onDone` behavior:
+ *   - true  → wizard exits the process when the user finishes (the standalone
+ *             `oh init` command path)
+ *   - false → wizard resolves and the caller continues (the `--init` flag path,
+ *             where the wizard is just a setup step before running the command)
+ */
+async function runInitWizard(opts) {
     const { default: InitWizard } = await import("./components/InitWizard.js");
     const rulesPath = createRulesFile();
     const ctx = detectProject();
@@ -1071,8 +1101,144 @@ program
     }
     console.log(`  Rules file: ${rulesPath}`);
     console.log();
-    const { waitUntilExit } = render(_jsx(InitWizard, { onDone: () => process.exit(0) }));
+    const { waitUntilExit } = render(_jsx(InitWizard, { onDone: () => (opts.exitOnDone ? process.exit(0) : undefined) }));
     await waitUntilExit();
+}
+// ── init ──
+program
+    .command("init")
+    .description("Initialize OpenHarness for the current project (interactive setup wizard)")
+    .action(async () => {
+    await runInitWizard({ exitOnDone: true });
+});
+// ── auth (audit B6) — provider-agnostic credential management ──
+//
+// `oh auth login [provider] --key <value>`  — set API key for a provider
+// `oh auth logout [provider]`              — clear API key for a provider
+// `oh auth status`                         — show which providers have keys
+//
+// `provider` defaults to the current `cfg.provider` so a bare `oh auth login`
+// works for the just-configured project. Mirrors Claude Code's `claude auth`.
+const authCmd = program.command("auth").description("Manage API keys for any provider (login / logout / status)");
+// Providers that run locally and don't use API keys — `oh auth login <local>`
+// is a no-op for these; redirect users to `oh init` which configures the
+// base URL and downloads / launches the model.
+const LOCAL_PROVIDERS = new Set(["ollama", "llamacpp", "llama.cpp", "lmstudio", "lm studio"]);
+authCmd
+    .command("login [provider]")
+    .description("Set the API key for a provider (defaults to the configured provider)")
+    .option("--key <value>", "API key value (omit to read from stdin)")
+    .action(async (providerArg, opts) => {
+    const { setCredential } = await import("./harness/credentials.js");
+    const cfg = readOhConfig();
+    const provider = providerArg ?? cfg?.provider;
+    if (!provider) {
+        process.stderr.write("Error: no provider specified and no default in .oh/config.yaml.\nRun `oh init` first to pick a provider — including local options (Ollama, llama.cpp, LM Studio) that don't need API keys.\n");
+        process.exit(2);
+    }
+    if (LOCAL_PROVIDERS.has(provider.toLowerCase())) {
+        console.log([
+            `${provider} runs locally and doesn't use an API key — nothing to log in.`,
+            "",
+            "To configure your local model and base URL, run:",
+            "  oh init",
+            "",
+            "Or skip the wizard and run directly:",
+            `  oh --model ${provider}/<model-name>`,
+        ].join("\n"));
+        return;
+    }
+    let key = opts.key;
+    if (!key) {
+        // TTY: prompt the user for a key (one line, hidden behavior is OS-dependent
+        // — we don't try to mask, callers wanting silent input should pipe).
+        // Non-TTY: read until EOF so `echo $KEY | oh auth login` works.
+        if (process.stdin.isTTY) {
+            const readline = await import("node:readline");
+            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+            key = await new Promise((resolve) => {
+                rl.question(`Enter API key for ${provider}: `, (answer) => {
+                    rl.close();
+                    resolve(answer.trim());
+                });
+            });
+        }
+        else {
+            const chunks = [];
+            for await (const chunk of process.stdin)
+                chunks.push(chunk);
+            key = Buffer.concat(chunks).toString("utf8").trim();
+        }
+    }
+    if (!key) {
+        process.stderr.write("Error: no API key provided (pass --key <value> or pipe on stdin).\n");
+        process.exit(2);
+    }
+    setCredential(`${provider}-api-key`, key);
+    console.log(`Stored API key for ${provider} in ~/.oh/credentials.enc.`);
+});
+authCmd
+    .command("logout [provider]")
+    .description("Clear the stored API key for a provider")
+    .action(async (providerArg) => {
+    const { deleteCredential, getCredential } = await import("./harness/credentials.js");
+    const cfg = readOhConfig();
+    const provider = providerArg ?? cfg?.provider;
+    if (!provider) {
+        process.stderr.write("Error: no provider specified and no default in .oh/config.yaml.\n");
+        process.exit(2);
+    }
+    const key = `${provider}-api-key`;
+    if (!getCredential(key)) {
+        console.log(`No stored API key for ${provider}.`);
+        return;
+    }
+    deleteCredential(key);
+    console.log(`Cleared stored API key for ${provider}.`);
+});
+authCmd
+    .command("status")
+    .description("Show which providers have stored API keys")
+    .action(async () => {
+    const { listCredentials } = await import("./harness/credentials.js");
+    const keys = listCredentials();
+    const providerKeys = keys.filter((k) => k.endsWith("-api-key"));
+    if (providerKeys.length === 0) {
+        console.log("No stored API keys.");
+        console.log("");
+        console.log("To add one (cloud providers): oh auth login <provider>");
+        console.log("To use a local LLM (no key):  oh init   — picks Ollama / llama.cpp / LM Studio");
+        return;
+    }
+    console.log("Stored API keys:");
+    for (const k of providerKeys) {
+        const provider = k.replace(/-api-key$/, "");
+        console.log(`  ${provider}`);
+    }
+    // Also show env-var status — useful when debugging which path resolveApiKey takes.
+    const envProviders = ["anthropic", "openai", "openrouter"].filter((p) => process.env[`${p.toUpperCase()}_API_KEY`]);
+    if (envProviders.length > 0) {
+        console.log("");
+        console.log("Env-var keys (override stored):");
+        for (const p of envProviders)
+            console.log(`  ${p} (${p.toUpperCase()}_API_KEY)`);
+    }
+    console.log("");
+    console.log("Local LLMs (Ollama / llama.cpp / LM Studio) need no auth — configure via `oh init`.");
+});
+// ── update (audit B7) — provider-agnostic self-update guidance ──
+program
+    .command("update")
+    .description("Show the right upgrade command for how this CLI was installed")
+    .action(async () => {
+    const { detectInstallMethod, getDefaultMainPath } = await import("./utils/install-method.js");
+    const result = detectInstallMethod(getDefaultMainPath());
+    console.log();
+    console.log(`  Current version: ${VERSION}`);
+    console.log(`  Install method: ${result.method}`);
+    console.log();
+    console.log(result.message);
+    console.log();
 });
 // ── sessions ──
 program
@@ -1203,60 +1369,7 @@ program
         process.exit(0);
     });
 });
-// ── auth ──
-program
-    .command("auth")
-    .description("Manage API key credentials")
-    .argument("<action>", "login | logout | status")
-    .argument("[provider]", "Provider name (anthropic, openai, openrouter)")
-    .action(async (action, providerName) => {
-    const { setCredential, deleteCredential, listCredentials, getCredential } = await import("./harness/credentials.js");
-    if (action === "status") {
-        const keys = listCredentials();
-        if (keys.length === 0) {
-            console.log("  No stored credentials. API keys come from environment variables or config.yaml.");
-            return;
-        }
-        console.log("\n  Stored credentials:");
-        for (const k of keys) {
-            const val = getCredential(k);
-            console.log(`  ${k}: ${val ? `****${val.slice(-4)}` : "(empty)"}`);
-        }
-        console.log();
-        return;
-    }
-    if (action === "login") {
-        if (!providerName) {
-            console.error("  Usage: oh auth login <provider>");
-            process.exit(1);
-        }
-        // Read key from stdin
-        process.stdout.write(`  Enter API key for ${providerName}: `);
-        const chunks = [];
-        for await (const chunk of process.stdin) {
-            chunks.push(chunk);
-            break;
-        }
-        const key = Buffer.concat(chunks).toString("utf-8").trim();
-        if (!key) {
-            console.error("  No key provided.");
-            process.exit(1);
-        }
-        setCredential(`${providerName}-api-key`, key);
-        console.log(`  ✓ API key saved securely for ${providerName}`);
-        return;
-    }
-    if (action === "logout") {
-        if (!providerName) {
-            console.error("  Usage: oh auth logout <provider>");
-            process.exit(1);
-        }
-        deleteCredential(`${providerName}-api-key`);
-        console.log(`  ✓ API key removed for ${providerName}`);
-        return;
-    }
-    console.error(`  Unknown action: ${action}. Use: login, logout, status`);
-});
+// (oh auth subcommand is registered above near the init command)
 // ── serve (MCP server) ──
 program
     .command("serve")

package/dist/mcp/elicitation.d.ts

@@ -0,0 +1,66 @@
+/**
+ * MCP `elicitation/create` responder (audit B4).
+ *
+ * MCP servers can ask the client to elicit user input — for confirmations
+ * ("are you sure?"), for form fills, or for free-form text. The spec defines
+ * three response actions:
+ *   - `accept`   → user agreed; `content` may contain form values
+ *   - `decline`  → user explicitly said no
+ *   - `cancel`   → user dismissed without choosing (e.g. closed the prompt)
+ *
+ * Default behavior is **fail-safe decline** — when nothing decides, OH
+ * returns `{ action: "decline" }`. This keeps OH from accepting actions
+ * silently in headless / unattended mode. To accept, configure an
+ * `elicitation` hook that returns `permissionDecision: "allow"`, or wire an
+ * interactive handler via `setElicitationHandler` (the REPL will plug in
+ * when its UX support lands; until then the hook path is the supported
+ * extension point).
+ *
+ * Two hook events fire per elicitation:
+ *   - `elicitation`        — request received, before any decision
+ *   - `elicitationResult`  — final action + content, after decision is made
+ *
+ * Both carry the server name and message so audit hooks can log the
+ * full request/response pair.
+ */
+export type ElicitationAction = "accept" | "decline" | "cancel";
+export interface ElicitationRequest {
+    /** Server name — for hook context. Not part of the MCP wire format. */
+    serverName: string;
+    /** Human-readable message the server wants to show the user. */
+    message: string;
+    /** JSON Schema describing the structured content the server expects on accept. */
+    requestedSchema: unknown;
+}
+export interface ElicitationResponse {
+    action: ElicitationAction;
+    content?: Record<string, unknown>;
+}
+/**
+ * Optional interactive handler — called when no hook decided. The REPL is
+ * the natural caller; until that lands, leaving this unset means OH falls
+ * straight from the hook to the auto-decline default.
+ */
+export type InteractiveElicitationHandler = (req: ElicitationRequest) => Promise<ElicitationResponse>;
+/**
+ * Register / replace the interactive elicitation handler. Pass `undefined`
+ * to clear (for tests / REPL teardown). Idempotent.
+ */
+export declare function setElicitationHandler(handler: InteractiveElicitationHandler | undefined): void;
+/**
+ * Resolve an MCP `elicitation/create` request into an `ElicitationResponse`.
+ *
+ * Decision priority:
+ *   1. `elicitation` hook returns a decision → honor it (allow → accept, deny → decline)
+ *   2. Interactive handler is registered → delegate to it
+ *   3. Default → `{ action: "decline" }`
+ *
+ * Always fires the symmetric `elicitationResult` hook last, so audit hooks
+ * see the full request/response pair regardless of which branch decided.
+ *
+ * @internal Exported for tests; transport.ts is the production caller.
+ */
+export declare function resolveElicitation(req: ElicitationRequest): Promise<ElicitationResponse>;
+/** @internal Test-only reset. */
+export declare function _resetElicitationForTest(): void;
+//# sourceMappingURL=elicitation.d.ts.map