npm - agentic-orchestrator - Versions diffs - 0.1.7 → 0.1.9 - Mend

agentic-orchestrator 0.1.7 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/apps/control-plane/src/supervisor/build-wave-executor.ts CHANGED Viewed

@@ -17,6 +17,17 @@ interface BuildWaveExecutorDependencies {
   reactionsService?: ReactionsService;
 }
+function isRetryableToolError(error: unknown): boolean {
+  if (!error || typeof error !== 'object') {
+    return false;
+  }
+  const details = (error as { details?: unknown }).details;
+  if (!details || typeof details !== 'object') {
+    return false;
+  }
+  return (details as { retryable?: unknown }).retryable === true;
+}
 export class BuildWaveExecutor {
   private readonly toolCaller: SupervisorToolCaller;
   private readonly workerDecisionRunner: WorkerDecisionRunner;
@@ -72,6 +83,7 @@ export class BuildWaveExecutor {
       let gateExitCode: number;
       let gateEvidencePath = '';
       let gateLogs = '';
+      let gateRetryEligible: boolean;
       const failureHistory: GateRepairContext['failureHistory'] = [];
       try {
@@ -80,18 +92,19 @@ export class BuildWaveExecutor {
           TOOLS.GATES_RUN,
           {
             feature_id: featureId,
-            profile: null,
             mode: 'fast',
           },
         );
         gateOverall = gateResult.data.overall ?? GATE_RESULT.PASS;
         gateExitCode = gateOverall === GATE_RESULT.FAIL ? 1 : 0;
         gateEvidencePath = gateResult.data.evidence_path ?? '';
+        gateRetryEligible = gateOverall === GATE_RESULT.FAIL;
       } catch (error) {
         gateOverall = GATE_RESULT.FAIL;
         gateExitCode = 1;
         const typed = error as { message?: string };
         gateLogs = typed.message ?? '';
+        gateRetryEligible = isRetryableToolError(error);
       }
       if (gateOverall === GATE_RESULT.FAIL) {
@@ -106,13 +119,13 @@ export class BuildWaveExecutor {
         });
       }
-      if (this.reactionsService && gateOverall === GATE_RESULT.FAIL) {
+      if (this.reactionsService && gateOverall === GATE_RESULT.FAIL && gateRetryEligible) {
         const context = await this.toolCaller.callTool('builder', TOOLS.FEATURE_GET_CONTEXT, {
           feature_id: featureId,
         });
         let retryCount = initialRetryCount;
         const retryDelayMs = this.reactionsService.retryDelayMs();
-        while (this.reactionsService.shouldRetry(featureId, retryCount)) {
+        while (gateRetryEligible && this.reactionsService.shouldRetry(featureId, retryCount)) {
           if (typeof this.reactionsService.waitBeforeRetry === 'function') {
             await this.reactionsService.waitBeforeRetry();
           }
@@ -140,7 +153,6 @@ export class BuildWaveExecutor {
               TOOLS.GATES_RUN,
               {
                 feature_id: featureId,
-                profile: null,
                 mode: 'fast',
               },
             );
@@ -148,11 +160,13 @@ export class BuildWaveExecutor {
             gateExitCode = gateOverall === GATE_RESULT.FAIL ? 1 : 0;
             gateEvidencePath = retryResult.data.evidence_path ?? gateEvidencePath;
             gateLogs = '';
+            gateRetryEligible = gateOverall === GATE_RESULT.FAIL;
           } catch (error) {
             gateOverall = GATE_RESULT.FAIL;
             gateExitCode = 1;
             const typed = error as { message?: string };
             gateLogs = typed.message ?? '';
+            gateRetryEligible = isRetryableToolError(error);
           }
           retryCount += 1;
@@ -173,6 +187,9 @@ export class BuildWaveExecutor {
           if (gateOverall === GATE_RESULT.PASS) {
             break;
           }
+          if (!gateRetryEligible) {
+            break;
+          }
         }
         if (gateOverall === GATE_RESULT.FAIL && this.reactionsService.shouldEscalate(retryCount)) {

package/apps/control-plane/src/supervisor/qa-wave-executor.ts CHANGED Viewed

@@ -31,6 +31,17 @@ interface QaWaveExecutorDependencies {
   reactionsService?: ReactionsService;
 }
+function isRetryableToolError(error: unknown): boolean {
+  if (!error || typeof error !== 'object') {
+    return false;
+  }
+  const details = (error as { details?: unknown }).details;
+  if (!details || typeof details !== 'object') {
+    return false;
+  }
+  return (details as { retryable?: unknown }).retryable === true;
+}
 export class QaWaveExecutor {
   private readonly kernel: FeatureOrchestrationPort;
   private readonly provider: WorkerProvider;
@@ -93,22 +104,24 @@ export class QaWaveExecutor {
       let gateExitCode: number;
       let gateEvidencePath = '';
       let gateLogs = '';
+      let gateRetryEligible: boolean;
       const failureHistory: GateRepairContext['failureHistory'] = [];
       try {
         const gateResult = await this.toolCaller.callTool<GatesRunData>('qa', TOOLS.GATES_RUN, {
           feature_id: featureId,
-          profile: null,
           mode: 'full',
         });
         gateOverall = gateResult.data.overall ?? GATE_RESULT.PASS;
         gateExitCode = gateOverall === GATE_RESULT.FAIL ? 1 : 0;
         gateEvidencePath = gateResult.data.evidence_path ?? '';
+        gateRetryEligible = gateOverall === GATE_RESULT.FAIL;
       } catch (error) {
         gateOverall = GATE_RESULT.FAIL;
         gateExitCode = 1;
         const typed = error as { message?: string };
         gateLogs = typed.message ?? '';
+        gateRetryEligible = isRetryableToolError(error);
       }
       if (gateOverall === GATE_RESULT.FAIL) {
@@ -123,10 +136,10 @@ export class QaWaveExecutor {
         });
       }
-      if (this.reactionsService && gateOverall === GATE_RESULT.FAIL) {
+      if (this.reactionsService && gateOverall === GATE_RESULT.FAIL && gateRetryEligible) {
         let retryCount = initialRetryCount;
         const retryDelayMs = this.reactionsService.retryDelayMs();
-        while (this.reactionsService.shouldRetry(featureId, retryCount)) {
+        while (gateRetryEligible && this.reactionsService.shouldRetry(featureId, retryCount)) {
           if (typeof this.reactionsService.waitBeforeRetry === 'function') {
             await this.reactionsService.waitBeforeRetry();
           }
@@ -154,7 +167,6 @@ export class QaWaveExecutor {
               TOOLS.GATES_RUN,
               {
                 feature_id: featureId,
-                profile: null,
                 mode: 'full',
               },
             );
@@ -162,11 +174,13 @@ export class QaWaveExecutor {
             gateExitCode = gateOverall === GATE_RESULT.FAIL ? 1 : 0;
             gateEvidencePath = retryResult.data.evidence_path ?? gateEvidencePath;
             gateLogs = '';
+            gateRetryEligible = gateOverall === GATE_RESULT.FAIL;
           } catch (error) {
             gateOverall = GATE_RESULT.FAIL;
             gateExitCode = 1;
             const typed = error as { message?: string };
             gateLogs = typed.message ?? '';
+            gateRetryEligible = isRetryableToolError(error);
           }
           retryCount += 1;
@@ -187,6 +201,9 @@ export class QaWaveExecutor {
           if (gateOverall === GATE_RESULT.PASS) {
             break;
           }
+          if (!gateRetryEligible) {
+            break;
+          }
         }
         if (gateOverall === GATE_RESULT.FAIL && this.reactionsService.shouldEscalate(retryCount)) {

package/apps/control-plane/src/supervisor/runtime.ts CHANGED Viewed

@@ -32,6 +32,7 @@ import type {
   InitialPlanGenerator,
   PromptBundle,
   RuntimeRole,
+  ToolArgs,
   SupervisorKernelPort,
   SupervisorOptions,
   SupervisorRuntimeState,
@@ -472,12 +473,16 @@ export class SupervisorRuntime
     }
   }
-  async callTool<TData = Record<string, unknown>>(
+  async callTool<TData = Record<string, unknown>, TToolName extends string = string>(
     role: RuntimeRole,
-    toolName: string,
-    args: Record<string, unknown>,
+    toolName: TToolName,
+    args: ToolArgs<TToolName>,
   ): Promise<{ ok: true; data: TData }> {
-    const payload = withOperationIdIfRequired(toolName, args, createOperationId);
+    const payload = withOperationIdIfRequired(
+      toolName,
+      args as Record<string, unknown>,
+      createOperationId,
+    );
     const roleSessionId = this.resolveRoleSessionId(role, payload);
     const response = await this.toolClient.call(toolName, payload, {

package/apps/control-plane/src/supervisor/types.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export type {
   FeatureStateFrontMatter,
   FeatureStatePayload,
   RuntimeRole,
+  ToolArgs,
   ToolCaller as SupervisorToolCaller,
 } from '../core/tool-caller.js';

package/apps/control-plane/test/cli-helpers.spec.ts CHANGED Viewed

@@ -221,6 +221,8 @@ describe('RetryCommandHandler', () => {
       expect.objectContaining({ feature_id: 'feature_abc', mode: 'full' }),
       expect.any(Object),
     );
+    const gatesRunCall = callMock.mock.calls.find((call) => call[0] === TOOLS.GATES_RUN);
+    expect(gatesRunCall?.[1]).not.toHaveProperty('profile');
   });
   it('GIVEN_valid_feature_id_with_force_WHEN_execute_called_THEN_gets_current_state_and_patches_retry_count', async () => {
@@ -259,6 +261,8 @@ describe('RetryCommandHandler', () => {
       expect.objectContaining({ feature_id: 'feature_abc' }),
       expect.any(Object),
     );
+    const gatesRunCall = callMock.mock.calls.find((call) => call[0] === TOOLS.GATES_RUN);
+    expect(gatesRunCall?.[1]).not.toHaveProperty('profile');
   });
 });

package/apps/control-plane/test/dashboard-command.spec.ts CHANGED Viewed

@@ -2,6 +2,12 @@ import { describe, expect, it, vi, afterEach } from 'vitest';
 import { DashboardCommandHandler } from '../src/cli/dashboard-command-handler.js';
 import type { ChildProcess } from 'node:child_process';
+vi.mock('node:fs/promises', () => ({
+  default: {
+    access: vi.fn(async () => undefined),
+  },
+}));
 vi.mock('node:child_process', () => ({
   execFile: vi.fn(),
   spawn: vi.fn(),
@@ -104,4 +110,34 @@ describe('DashboardCommandHandler', () => {
     );
     expect(result).toMatchObject({ ok: true, data: { mode: 'dev' } });
   });
+  it('GIVEN_dashboard_cli_missing_WHEN_dashboard_command_THEN_installs_workspace_dependencies_before_build', async () => {
+    const { default: fs } = await import('node:fs/promises');
+    const { execFile, spawn } = await import('node:child_process');
+    const mockChild = { unref: vi.fn(), on: vi.fn() } as unknown as ChildProcess;
+    vi.mocked(fs.access).mockRejectedValue(new Error('missing'));
+    vi.mocked(execFile).mockImplementation((_file, _args, _opts, cb) => {
+      cb?.(null, '', '');
+      return {} as never;
+    });
+    vi.mocked(spawn).mockReturnValue(mockChild);
+    const handler = new DashboardCommandHandler();
+    const result = await handler.execute({ foreground: false });
+    expect(execFile).toHaveBeenCalledWith(
+      'npm',
+      ['install', '--workspace', '@aop/web-dashboard', '--no-audit', '--no-fund'],
+      expect.any(Object),
+      expect.any(Function),
+    );
+    expect(execFile).toHaveBeenCalledWith(
+      'npm',
+      ['run', '--workspace', '@aop/web-dashboard', 'build'],
+      expect.any(Object),
+      expect.any(Function),
+    );
+    expect(result).toMatchObject({ ok: true, data: { built: true } });
+  });
 });

package/apps/control-plane/test/init-wizard.spec.ts CHANGED Viewed

@@ -27,7 +27,7 @@ import { InitCommandHandler } from '../src/cli/init-command-handler.js';
 import { HelpCommandHandler } from '../src/cli/help-command-handler.js';
 function makePromptFactory(responses: string[]) {
-  const question = vi.fn(async () => responses.shift() ?? '');
+  const question = vi.fn(async (_query: string) => responses.shift() ?? '');
   const close = vi.fn();
   const factory = vi.fn(() => ({ question, close }));
   return { factory, question, close };
@@ -97,6 +97,7 @@ describe('InitCommandHandler', () => {
     expect(agentsContent).toContain('roles:');
     expect(agentsContent).toContain('default_provider: custom');
     expect(agentsContent).toContain('default_model: local-default');
+    expect(agentsContent).not.toContain('provider_config_env:');
     const adaptersContent = await fs.readFile(
       path.join(cwd, 'config', 'agentic', 'orchestrator', 'adapters.yaml'),
@@ -350,6 +351,7 @@ describe('InitCommandHandler', () => {
     );
     expect(agentsContent).toContain('default_provider: claude');
     expect(agentsContent).toContain('default_model: sonnet-4.5');
+    expect(agentsContent).not.toContain('provider_config_env:');
     const adaptersContent = await fs.readFile(
       path.join(cwd, 'config', 'agentic', 'orchestrator', 'adapters.yaml'),
@@ -358,6 +360,169 @@ describe('InitCommandHandler', () => {
     expect(adaptersContent).toContain('activity-detector: claude-jsonl');
     expect(adaptersContent).toContain('scm-provider: github');
   });
+  it('GIVEN_interactive_local_cli_mode_WHEN_init_runs_THEN_provider_env_prompt_is_skipped_and_agents_yaml_omits_provider_config_env', async () => {
+    await fs.mkdir(path.join(cwd, '.git'), { recursive: true });
+    await fs.writeFile(path.join(cwd, '.git', 'config'), '[core]\n', 'utf8');
+    execFileMock.mockResolvedValue({ stdout: 'origin/main\n', stderr: '' });
+    const prompts = makePromptFactory([
+      'main',
+      'codex',
+      'codex-default',
+      'github',
+      '3',
+      '3000',
+      'none',
+      'vitest',
+      'yes',
+    ]);
+    const handler = new InitCommandHandler(cwd, prompts.factory);
+    const result = await handler.execute({ auto: false });
+    expect(result.ok).toBe(true);
+    expect(
+      prompts.question.mock.calls.some((call) =>
+        String(call[0]).includes('Provider config env var name'),
+      ),
+    ).toBe(false);
+    const agentsContent = await fs.readFile(
+      path.join(cwd, 'config', 'agentic', 'orchestrator', 'agents.yaml'),
+      'utf8',
+    );
+    expect(agentsContent).not.toContain('provider_config_env:');
+  });
+  it('GIVEN_api_backed_mode_with_existing_env_var_WHEN_init_runs_THEN_agents_yaml_uses_that_env_var', async () => {
+    await fs.mkdir(path.join(cwd, '.git'), { recursive: true });
+    await fs.writeFile(path.join(cwd, '.git', 'config'), '[core]\n', 'utf8');
+    execFileMock.mockResolvedValue({ stdout: 'origin/main\n', stderr: '' });
+    process.env.GEMINI_API_KEY = 'existing-key';
+    const prompts = makePromptFactory([
+      'main',
+      'gemini',
+      'gemini-default',
+      'github',
+      '3',
+      '3000',
+      'none',
+      'vitest',
+      'no',
+      'GEMINI_API_KEY',
+    ]);
+    const handler = new InitCommandHandler(cwd, prompts.factory);
+    const result = await handler.execute({ auto: false }).finally(() => {
+      delete process.env.GEMINI_API_KEY;
+    });
+    expect(result.ok).toBe(true);
+    const agentsContent = await fs.readFile(
+      path.join(cwd, 'config', 'agentic', 'orchestrator', 'agents.yaml'),
+      'utf8',
+    );
+    expect(agentsContent).toContain('provider_config_env: GEMINI_API_KEY');
+  });
+  it('GIVEN_api_backed_mode_with_env_var_in_dotenv_WHEN_init_runs_THEN_agents_yaml_uses_that_env_var_without_bootstrap_prompt', async () => {
+    await fs.mkdir(path.join(cwd, '.git'), { recursive: true });
+    await fs.writeFile(path.join(cwd, '.git', 'config'), '[core]\n', 'utf8');
+    await fs.writeFile(path.join(cwd, '.env'), 'GEMINI_API_KEY=dotenv-key\n', 'utf8');
+    execFileMock.mockResolvedValue({ stdout: 'origin/main\n', stderr: '' });
+    const prompts = makePromptFactory([
+      'main',
+      'gemini',
+      'gemini-default',
+      'github',
+      '3',
+      '3000',
+      'none',
+      'vitest',
+      'no',
+      'GEMINI_API_KEY',
+    ]);
+    const handler = new InitCommandHandler(cwd, prompts.factory);
+    const result = await handler.execute({ auto: false });
+    expect(result.ok).toBe(true);
+    expect(
+      prompts.question.mock.calls.some((call) =>
+        String(call[0]).includes('Paste provider key to store in AOP_PROVIDER_CONFIG_ENV'),
+      ),
+    ).toBe(false);
+    const agentsContent = await fs.readFile(
+      path.join(cwd, 'config', 'agentic', 'orchestrator', 'agents.yaml'),
+      'utf8',
+    );
+    expect(agentsContent).toContain('provider_config_env: GEMINI_API_KEY');
+  });
+  it('GIVEN_api_backed_mode_with_missing_env_var_WHEN_init_runs_THEN_bootstraps_AOP_provider_env_in_dotenv', async () => {
+    await fs.mkdir(path.join(cwd, '.git'), { recursive: true });
+    await fs.writeFile(path.join(cwd, '.git', 'config'), '[core]\n', 'utf8');
+    execFileMock.mockResolvedValue({ stdout: 'origin/main\n', stderr: '' });
+    const prompts = makePromptFactory([
+      'main',
+      'gemini',
+      'gemini-default',
+      'github',
+      '3',
+      '3000',
+      'none',
+      'vitest',
+      'no',
+      'GEMINI_API_KEY',
+      'bootstrap-secret',
+    ]);
+    const handler = new InitCommandHandler(cwd, prompts.factory);
+    const result = await handler.execute({ auto: false });
+    expect(result.ok).toBe(true);
+    expect(result.data.next_steps).toContain(
+      'Stored provider credential in .env as AOP_PROVIDER_CONFIG_ENV.',
+    );
+    const agentsContent = await fs.readFile(
+      path.join(cwd, 'config', 'agentic', 'orchestrator', 'agents.yaml'),
+      'utf8',
+    );
+    expect(agentsContent).toContain('provider_config_env: AOP_PROVIDER_CONFIG_ENV');
+    const envContent = await fs.readFile(path.join(cwd, '.env'), 'utf8');
+    expect(envContent).toContain('AOP_PROVIDER_CONFIG_ENV=bootstrap-secret');
+  });
+  it('GIVEN_existing_AOP_provider_env_in_dotenv_WHEN_init_bootstraps_again_THEN_replaces_existing_value_without_duplication', async () => {
+    await fs.mkdir(path.join(cwd, '.git'), { recursive: true });
+    await fs.writeFile(path.join(cwd, '.git', 'config'), '[core]\n', 'utf8');
+    await fs.writeFile(path.join(cwd, '.env'), 'FOO=bar\nAOP_PROVIDER_CONFIG_ENV=old\n', 'utf8');
+    execFileMock.mockResolvedValue({ stdout: 'origin/main\n', stderr: '' });
+    const prompts = makePromptFactory([
+      'main',
+      'gemini',
+      'gemini-default',
+      'github',
+      '3',
+      '3000',
+      'none',
+      'vitest',
+      'no',
+      'MISSING_ENV_VAR',
+      'new-secret',
+    ]);
+    const handler = new InitCommandHandler(cwd, prompts.factory);
+    const result = await handler.execute({ auto: false });
+    expect(result.ok).toBe(true);
+    const envContent = await fs.readFile(path.join(cwd, '.env'), 'utf8');
+    expect(envContent).toContain('FOO=bar');
+    expect(envContent).toContain('AOP_PROVIDER_CONFIG_ENV=new-secret');
+    expect((envContent.match(/AOP_PROVIDER_CONFIG_ENV=/g) ?? []).length).toBe(1);
+  });
 });
 describe('InitCommandHandler validation branches', () => {

package/apps/control-plane/test/providers.spec.ts CHANGED Viewed

@@ -13,6 +13,7 @@ describe('provider selection', () => {
       env: {
         AOP_AGENT_PROVIDER: 'codex',
         AOP_AGENT_MODEL: 'env-model',
+        CLI_CONFIG: 'cli-token',
         AOP_PROVIDER_CONFIG_ENV: 'ENV_CONFIG',
       },
       agentsConfig: {
@@ -27,6 +28,7 @@ describe('provider selection', () => {
     expect(selection.provider).toBe('custom');
     expect(selection.model).toBe('cli-model');
     expect(selection.provider_config_env).toBe('CLI_CONFIG');
+    expect(selection.provider_config_ref).toBe('cli-token');
   });
   it('GIVEN_no_provider_WHEN_resolving_THEN_throws_agent_provider_not_configured', () => {
@@ -49,16 +51,36 @@ describe('provider selection', () => {
     ).toThrow(ERROR_CODES.UNSUPPORTED_AGENT_PROVIDER);
   });
-  it('GIVEN_non_custom_provider_without_credentials_WHEN_resolving_THEN_throws_provider_auth_missing', () => {
+  it('GIVEN_credential_required_provider_without_credentials_WHEN_resolving_THEN_throws_provider_auth_missing', () => {
     expect(() =>
       resolveProviderSelection({
-        cli: { agent_provider: 'codex', provider_config_env: 'AOP_KEY' },
+        cli: { agent_provider: 'gemini', provider_config_env: 'GEMINI_API_KEY' },
         env: {},
         agentsConfig: {},
       }),
     ).toThrow(ERROR_CODES.PROVIDER_AUTH_MISSING);
   });
+  it('GIVEN_codex_provider_without_credentials_WHEN_resolving_THEN_does_not_throw', () => {
+    const selection = resolveProviderSelection({
+      cli: { agent_provider: 'codex' },
+      env: {},
+      agentsConfig: {},
+    });
+    expect(selection.provider).toBe('codex');
+    expect(selection.provider_config_ref).toBeNull();
+  });
+  it('GIVEN_claude_provider_without_credentials_WHEN_resolving_THEN_does_not_throw', () => {
+    const selection = resolveProviderSelection({
+      cli: { agent_provider: 'claude' },
+      env: {},
+      agentsConfig: {},
+    });
+    expect(selection.provider).toBe('claude');
+    expect(selection.provider_config_ref).toBeNull();
+  });
   it('GIVEN_non_custom_provider_without_model_WHEN_resolving_THEN_uses_default_model_name', () => {
     const selection = resolveProviderSelection({
       cli: {
@@ -88,6 +110,57 @@ describe('provider selection', () => {
     expect(selection.provider_config_ref).toBeNull();
   });
+  it('GIVEN_AOP_provider_config_env_holds_direct_credential_WHEN_resolving_THEN_uses_direct_value', () => {
+    const selection = resolveProviderSelection({
+      cli: {
+        agent_provider: 'gemini',
+      },
+      env: {
+        AOP_PROVIDER_CONFIG_ENV: 'direct-bootstrap-key',
+      },
+      agentsConfig: {},
+    });
+    expect(selection.provider_config_env).toBe('AOP_PROVIDER_CONFIG_ENV');
+    expect(selection.provider_config_ref).toBe('direct-bootstrap-key');
+  });
+  it('GIVEN_AOP_provider_config_env_points_to_existing_env_var_WHEN_resolving_THEN_uses_legacy_indirection', () => {
+    const selection = resolveProviderSelection({
+      cli: {
+        agent_provider: 'gemini',
+      },
+      env: {
+        AOP_PROVIDER_CONFIG_ENV: 'GEMINI_API_KEY',
+        GEMINI_API_KEY: 'legacy-indirect-key',
+      },
+      agentsConfig: {},
+    });
+    expect(selection.provider_config_env).toBe('GEMINI_API_KEY');
+    expect(selection.provider_config_ref).toBe('legacy-indirect-key');
+  });
+  it('GIVEN_cli_provider_config_env_missing_but_runtime_provider_config_env_present_WHEN_resolving_THEN_runtime_env_name_is_used', () => {
+    const selection = resolveProviderSelection({
+      cli: {
+        agent_provider: 'gemini',
+        provider_config_env: 'MISSING_CLI_KEY',
+      },
+      env: {
+        CFG_KEY: 'cfg-token',
+      },
+      agentsConfig: {
+        runtime: {
+          provider_config_env: 'CFG_KEY',
+        },
+      },
+    });
+    expect(selection.provider_config_env).toBe('CFG_KEY');
+    expect(selection.provider_config_ref).toBe('cfg-token');
+  });
   it('GIVEN_kiro_cli_provider_without_credentials_WHEN_resolving_THEN_allows_null_config_ref', () => {
     const selection = resolveProviderSelection({
       cli: {