aiden-runtime 4.1.1 → 4.1.3

package/dist/core/v4/update/executeInstall.js

@@ -0,0 +1,233 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/update/executeInstall.ts — Phase v4.1.2-update.
+ *
+ * Shared in-process installer for `npm install -g aiden-runtime@latest`.
+ * Used by two surfaces:
+ *   - `/update install` slash command (cli/v4/commands/update.ts)
+ *   - `aiden_self_update` tool (tools/v4/system/aidenSelfUpdate.ts)
+ *
+ * Both call this single executor so install behavior — timeout,
+ * permission-denied fallback, version detection — has ONE source of
+ * truth. Future v4.1.3+ rollback / package-manager-swap work edits
+ * one file.
+ *
+ * Behavior:
+ *   - Spawns `npm install -g aiden-runtime@latest` with INSTALL_TIMEOUT_MS
+ *     wall-clock cap.
+ *   - Captures stdout/stderr; returns both for diagnostics regardless
+ *     of outcome.
+ *   - Detects the installed version from npm's `+ aiden-runtime@x.y.z`
+ *     output line; null when not parseable.
+ *   - On permission-denied (EACCES / "EACCES" / Windows ENOPRIV /
+ *     "operation not permitted"): returns structured failure with
+ *     platform-specific copy-paste commands so the user can run the
+ *     install manually with proper privileges.
+ *
+ * Honest about what it doesn't do:
+ *   - No auto-restart of the running REPL. The currently-running
+ *     process keeps running the OLD version regardless of what npm
+ *     just installed globally — claiming otherwise would lie to the
+ *     user. Caller prints the "type /quit and rerun aiden" hint
+ *     instead so the user knows exactly when the new version takes
+ *     effect.
+ *   - No self-escalation to UAC/sudo. We try once; on permission
+ *     failure we surface the right copy-paste, not silent escalation.
+ *   - No registry probe — call `checkForUpdate` first if you need to
+ *     know whether an install is warranted.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.INSTALL_TIMEOUT_MS = void 0;
+exports.executeInstall = executeInstall;
+exports.parseInstalledVersion = parseInstalledVersion;
+const node_child_process_1 = require("node:child_process");
+/** 90 s wall-clock cap. Generous on cold caches / slow networks. */
+exports.INSTALL_TIMEOUT_MS = 90000;
+const DEFAULT_PACKAGE_SPEC = 'aiden-runtime@latest';
+/**
+ * Run the install. Returns a structured result; NEVER throws — the
+ * outer surface (slash command / tool) renders the result to the user.
+ *
+ * Error path is intentionally string-typed (single user-visible
+ * paragraph). The structured fields (stdout/stderr/exitCode) are for
+ * diagnostics; callers that want to surface them to the user can
+ * compose their own message from those.
+ */
+async function executeInstall(opts = {}) {
+    const spawn = opts.spawnImpl ?? node_child_process_1.spawn;
+    const timeoutMs = opts.timeoutMs ?? exports.INSTALL_TIMEOUT_MS;
+    const packageSpec = opts.packageSpec ?? DEFAULT_PACKAGE_SPEC;
+    const platform = opts.platform ?? process.platform;
+    return new Promise((resolve) => {
+        const args = ['install', '-g', packageSpec];
+        // shell: true on Windows so npm.cmd is found via PATHEXT; on
+        // POSIX we spawn npm directly. Either way the args are validated
+        // (only npm + install + a hardcoded spec by default) — no user
+        // input flows into argv.
+        const spawnOpts = {
+            shell: platform === 'win32',
+            stdio: ['ignore', 'pipe', 'pipe'],
+        };
+        let child;
+        try {
+            child = spawn('npm', args, spawnOpts);
+        }
+        catch (err) {
+            resolve({
+                success: false,
+                error: `Could not launch npm: ${err.message}. ` +
+                    `Run \`npm install -g aiden-runtime@latest\` manually.`,
+            });
+            return;
+        }
+        let stdoutBuf = '';
+        let stderrBuf = '';
+        child.stdout?.on('data', (chunk) => {
+            stdoutBuf += chunk.toString();
+        });
+        child.stderr?.on('data', (chunk) => {
+            stderrBuf += chunk.toString();
+        });
+        // Timeout — kill the child + resolve as a failure with the captured
+        // output so the user sees what npm was doing.
+        let timedOut = false;
+        const timer = setTimeout(() => {
+            timedOut = true;
+            try {
+                child.kill('SIGTERM');
+            }
+            catch { /* ignore */ }
+        }, timeoutMs);
+        child.on('error', (err) => {
+            clearTimeout(timer);
+            // Spawn-level error (ENOENT — npm not on PATH).
+            resolve({
+                success: false,
+                error: `npm spawn failed: ${err.message}. Is npm installed and on PATH?`,
+                stderr: stderrBuf,
+                stdout: stdoutBuf,
+            });
+        });
+        child.on('close', (code) => {
+            clearTimeout(timer);
+            const stdout = stdoutBuf;
+            const stderr = stderrBuf;
+            const exitCode = code ?? -1;
+            if (timedOut) {
+                resolve({
+                    success: false,
+                    error: `Install timed out after ${timeoutMs}ms. ` +
+                        `Try \`npm install -g aiden-runtime@latest\` manually.`,
+                    stdout, stderr, exitCode: -1,
+                });
+                return;
+            }
+            // Permission-denied: surface platform-specific remediations.
+            if (isPermissionDenied(stdout, stderr, exitCode)) {
+                resolve({
+                    success: false,
+                    error: permissionDeniedMessage(platform),
+                    stdout, stderr, exitCode,
+                });
+                return;
+            }
+            if (exitCode !== 0) {
+                resolve({
+                    success: false,
+                    error: `Install failed (npm exit ${exitCode}). ` +
+                        (stderr.trim().slice(0, 200) ||
+                            'See stderr/stdout for details. Try `npm install -g aiden-runtime@latest` manually.'),
+                    stdout, stderr, exitCode,
+                });
+                return;
+            }
+            // Success — parse installed version from npm output. Pattern:
+            // "+ aiden-runtime@4.1.3" or "added 1 package ... aiden-runtime@4.1.3"
+            const installedVersion = parseInstalledVersion(stdout) ?? parseInstalledVersion(stderr) ?? undefined;
+            resolve({
+                success: true,
+                installedVersion,
+                stdout, stderr, exitCode,
+            });
+        });
+    });
+}
+// ── Helpers ───────────────────────────────────────────────────────────────
+/**
+ * Did npm fail because of a permission error? Heuristics across the
+ * three platforms — npm doesn't return a single canonical exit code
+ * for this, so we sniff the captured streams.
+ */
+function isPermissionDenied(stdout, stderr, exitCode) {
+    const haystack = `${stderr}\n${stdout}`.toLowerCase();
+    // POSIX: "EACCES", "permission denied", "operation not permitted"
+    if (haystack.includes('eacces'))
+        return true;
+    if (haystack.includes('permission denied'))
+        return true;
+    if (haystack.includes('operation not permitted'))
+        return true;
+    // Windows: usually exit 1 with stderr containing "EPERM" or
+    // "operation not permitted" or "access is denied"
+    if (haystack.includes('eperm'))
+        return true;
+    if (haystack.includes('access is denied'))
+        return true;
+    // exit 243 is the npm conventional "permission" code on some setups;
+    // we don't gate on exit code alone (too noisy) but combined with
+    // any of the above strings it's a clear signal.
+    void exitCode;
+    return false;
+}
+/**
+ * Build the platform-specific copy-paste remediation. Provides three
+ * distinct paths — system-wide-with-elevation (Windows admin),
+ * sudo (macOS/Linux), or user-local-prefix (cross-platform) — so the
+ * user has options without us trying to self-escalate to UAC/sudo
+ * from inside the running REPL.
+ */
+function permissionDeniedMessage(platform) {
+    const userLocal = 'Or use a user-local npm prefix to avoid privileges entirely:\n' +
+        '              npm config set prefix ~/.npm-global\n' +
+        '              export PATH=~/.npm-global/bin:$PATH    # add to your shell profile\n' +
+        '              npm install -g aiden-runtime@latest';
+    if (platform === 'win32') {
+        return [
+            'Install failed: permission denied (npm needs Administrator for global install).',
+            '',
+            'To update manually:',
+            '  Windows:  Open PowerShell as Administrator, then:',
+            '              npm install -g aiden-runtime@latest',
+            '',
+            userLocal,
+        ].join('\n');
+    }
+    // darwin / linux / others — sudo path.
+    return [
+        'Install failed: permission denied (npm needs sudo for global install).',
+        '',
+        'To update manually:',
+        '  macOS / Linux:',
+        '              sudo npm install -g aiden-runtime@latest',
+        '',
+        userLocal,
+    ].join('\n');
+}
+/**
+ * Find the installed version in npm output. Two common patterns:
+ *   "+ aiden-runtime@4.1.3"
+ *   "added 1 package in 12s ... aiden-runtime@4.1.3"
+ * Returns the bare version string (no `v` prefix) or null.
+ */
+function parseInstalledVersion(out) {
+    if (!out)
+        return null;
+    const m = out.match(/aiden-runtime@(\d+\.\d+\.\d+(?:-[a-z0-9.]+)?)/i);
+    return m ? m[1] : null;
+}

package/dist/core/version.js

@@ -2,4 +2,4 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 // AUTO-GENERATED by scripts/inject-version.js — do not edit by hand
-exports.VERSION = '4.1.1';
+exports.VERSION = '4.1.3';

package/dist/moat/memoryGuard.js

@@ -31,6 +31,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MemoryGuard = void 0;
+exports.containsInSection = containsInSection;
 class MemoryGuard {
     constructor(memory) {
         this.memory = memory;
@@ -113,6 +114,75 @@ class MemoryGuard {
         }
         return { ok: true, verified: true, fileLength: text.length };
     }
+    /**
+     * Phase v4.1.2 alive-core: section-aware write. Replaces the body of
+     * a markdown `## <header>` section, creating the section at file end
+     * if it doesn't yet exist. Body lines below the header up to the
+     * next `## ` (or EOF) are replaced wholesale.
+     *
+     * Preserves the standard verify-on-disk contract: the post-write read
+     * confirms `newBody` is present and (when applicable) the previous
+     * section body is gone before returning `verified: true`.
+     *
+     * Additive — does not change `guardedAdd` / `guardedReplace` /
+     * `guardedRemove` semantics.
+     */
+    async replaceSection(file, header, newBody) {
+        const headerTrim = header.trim();
+        if (!headerTrim.startsWith('## ')) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'header must start with "## " (markdown h2)',
+            };
+        }
+        const bodyTrim = newBody.trim();
+        if (!bodyTrim) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'newBody cannot be empty. Use guardedRemove() to drop a section.',
+            };
+        }
+        // Read current file state so we can compute the precise old block.
+        const snapBefore = await this.memory.loadSnapshot();
+        const before = pickFile(snapBefore, file);
+        // Match `<header>` and everything below it up to the next `## `
+        // line or EOF. No `m` flag — we want `$` to mean end-of-string;
+        // with `m`, the trailing-`$` lookahead would match at every line
+        // ending and chop off all but the first body line.
+        const escapedHeader = headerTrim.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        const sectionRe = new RegExp(`${escapedHeader}[^\\n]*(?:\\r?\\n[\\s\\S]*?)?(?=\\n## |$)`);
+        const match = before.match(sectionRe);
+        const newSection = `${headerTrim}\n${bodyTrim}`;
+        let mutation;
+        if (match && match[0]) {
+            mutation = await this.memory.replace(file, match[0], newSection);
+        }
+        else {
+            // Section doesn't exist — append at end with a blank-line gap.
+            const sep = before.length > 0 && !before.endsWith('\n') ? '\n\n' : '\n';
+            mutation = await this.memory.add(file, `${sep}${newSection}`);
+        }
+        if (!mutation.ok) {
+            return {
+                ok: false,
+                verified: false,
+                reason: mutation.reason ?? 'section write failed',
+            };
+        }
+        const snapAfter = await this.memory.loadSnapshot();
+        const after = pickFile(snapAfter, file);
+        if (!after.includes(headerTrim) || !after.includes(bodyTrim)) {
+            return {
+                ok: false,
+                verified: false,
+                reason: 'Section write claimed but header/body not found post-write',
+                fileLength: after.length,
+            };
+        }
+        return { ok: true, verified: true, fileLength: after.length };
+    }
     async guardedRemove(file, text) {
         const trimmed = text.trim();
         if (!trimmed) {
@@ -144,3 +214,44 @@ exports.MemoryGuard = MemoryGuard;
 function pickFile(snap, file) {
     return file === 'user' ? snap.userMd : snap.memoryMd;
 }
+/**
+ * Phase v4.1.2-bug-X: section-aware containment check.
+ *
+ * Returns `true` if `target` appears anywhere within the body of the
+ * section identified by `sectionHeader` (e.g. `"## Durable facts"`).
+ * The section body runs from the line after the header to the line
+ * before the next `## ` header — or end-of-file, whichever comes
+ * first. Returns `false` when the section doesn't exist OR when the
+ * target sits outside it.
+ *
+ * Pure: no I/O, deterministic from inputs. Used by `memory_remove`
+ * to protect user-approved durable facts from autonomous deletion:
+ * the model proposed substring-match against MEMORY.md, but
+ * substring removal operates whole-file — partial protection would
+ * still nuke the durable copy as side-effect. STRICT containment
+ * (rejects if the substring appears ANYWHERE in the section body)
+ * is the honest guard.
+ *
+ * Case-sensitive: matches the existing `guardedRemove` semantics
+ * which use `String.prototype.includes` directly on the raw content.
+ *
+ * @param fileContent  Full file content (e.g. MEMORY.md as one string).
+ * @param target       Substring the caller intends to remove.
+ * @param sectionHeader Header line including the `## ` prefix.
+ */
+function containsInSection(fileContent, target, sectionHeader) {
+    if (!fileContent || !target || !sectionHeader)
+        return false;
+    const headerEscaped = sectionHeader.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    // Match the header line, then capture the body until the next `## `
+    // (any h2) or end-of-string. No `m` flag — the trailing-`$` would
+    // otherwise match every line ending and chop the body at the first
+    // newline (the same trap the slice2 sessionSummary regex already
+    // documents).
+    const sectionRe = new RegExp(`${headerEscaped}[^\\n]*\\n([\\s\\S]*?)(?=\\n## |$)`);
+    const m = fileContent.match(sectionRe);
+    if (!m)
+        return false;
+    const body = m[1] ?? '';
+    return body.includes(target);
+}

package/dist/moat/plannerGuard.js

@@ -91,6 +91,25 @@ const RULES = [
         keywords: /\b(process|background|long.?running|server|spawn|kill|daemon)\b/i,
         toolsets: ['process'],
     },
+    // Media playback control (v4.1.4-media)
+    //
+    // Without this, intents like "list media sessions" matched the
+    // `sessions` rule via the bare word "session" → narrowed surface to
+    // toolset `sessions` only → `media_sessions` (toolset `system`) was
+    // filtered out and the model honestly reported it as unavailable.
+    // UNION semantics mean both rules contribute on phrases that hit
+    // both ("media sessions" → sessions + system), giving the model the
+    // full picture without needing a dedicated `media` toolset.
+    //
+    // Toolset is `system` (broad but minimal blast radius): the bundle
+    // covers media_sessions, media_transport, media_key, app_input,
+    // now_playing, plus the plausibly-relevant app_launch / volume_set /
+    // os_process_list. Carving out a dedicated `media` toolset is a
+    // separate slice if the surface noise becomes a real problem.
+    {
+        keywords: /\b(play|pause|skip|spotify|music|song|video|youtube|track|playback|media)\b/i,
+        toolsets: ['system'],
+    },
 ];
 /** Always-on tools regardless of mode. The agent needs schema lookup
  *  + skill discovery + session search to be useful even on cold turns. */

package/dist/moat/skillTeacher.js

@@ -97,7 +97,7 @@ class SkillTeacher {
     /** Optional handler-resolver to look up toolset metadata for trace
      *  entries that don't carry their own toolset. Used for the 2-toolset
      *  diversity check. */
-    resolveHandler) {
+    resolveHandler, healthTracker) {
         this.skillLoader = skillLoader;
         this.skillManager = skillManager;
         this.resolveHandler = resolveHandler;
@@ -107,6 +107,7 @@ class SkillTeacher {
         this.qualityPath =
             qualityFilePath ??
                 node_path_1.default.join(process.cwd(), '.aiden-skill-quality.json');
+        this.healthTracker = healthTracker;
     }
     setTier(tier) {
         this.tier = tier;
@@ -203,9 +204,11 @@ class SkillTeacher {
                 name: proposal.proposedName,
                 content,
             }, {});
+            this.healthTracker?.recordSuccess();
             return { created: true, skillName: proposal.proposedName };
         }
         catch (e) {
+            this.healthTracker?.recordFailure(e);
             const msg = e instanceof Error ? e.message : String(e);
             return { created: false, reason: `create_failed: ${msg}` };
         }
@@ -336,8 +339,11 @@ ${[...new Set(proposal.toolsUsed)].map((t) => `- ${t}`).join('\n')}
                 return this.qualityCache;
             }
         }
-        catch {
-            // ignore — corrupt file is replaced on next save.
+        catch (e) {
+            // Phase v4.1.2-slice3: record corrupt-file / JSON parse / read
+            // failures into the health tracker. We still fall through to an
+            // empty cache so behavior is unchanged — telemetry is additive.
+            this.healthTracker?.recordFailure(e);
         }
         this.qualityCache = {};
         return this.qualityCache;
@@ -346,8 +352,11 @@ ${[...new Set(proposal.toolsUsed)].map((t) => `- ${t}`).join('\n')}
         try {
             await node_fs_1.promises.writeFile(this.qualityPath, JSON.stringify(cache, null, 2), 'utf-8');
         }
-        catch {
-            // ignore disk failures — quality data is best-effort.
+        catch (e) {
+            // Phase v4.1.2-slice3: surface disk-write failures (EACCES,
+            // ENOSPC, EROFS) instead of silently dropping. Best-effort
+            // semantic preserved — we still return without throwing.
+            this.healthTracker?.recordFailure(e);
         }
     }
 }

package/dist/providers/v4/chatCompletionsAdapter.js

@@ -68,6 +68,7 @@ class ChatCompletionsAdapter {
         this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
         this.maxRetries = opts.maxRetries ?? DEFAULT_MAX_RETRIES;
         this.extraHeaders = opts.extraHeaders ?? {};
+        this.defaultExtraBody = opts.defaultExtraBody;
     }
     // ── Non-streaming ────────────────────────────────────────────────────
     async call(input) {
@@ -127,6 +128,14 @@ class ChatCompletionsAdapter {
             // the stream closes promptly and we get accurate token accounting.
             body.stream_options = { include_usage: true };
         }
+        // Phase v4.1.2-deepseek: merge order is base body → defaultExtraBody
+        // (model-mandated, from resolver lookup in MODEL_DEFAULTS) → per-call
+        // input.extraBody (caller). Per-call wins so a single request can
+        // override a default (e.g. disabling thinking on a probe). This
+        // matters because providers/v4/modelDefaults.ts sets thinking +
+        // reasoning_effort for deepseek-v4-pro on EVERY call.
+        if (this.defaultExtraBody)
+            Object.assign(body, this.defaultExtraBody);
         if (input.extraBody)
             Object.assign(body, input.extraBody);
         return body;

package/dist/providers/v4/errors.js

@@ -17,12 +17,21 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProviderRateLimitError = exports.ProviderTimeoutError = exports.ProviderError = void 0;
 exports.formatRawForMessage = formatRawForMessage;
+exports.classifyProviderError = classifyProviderError;
+exports.suggestForErrorClass = suggestForErrorClass;
 /**
  * Format a raw response body for inclusion in the user-facing error
- * message. Recognises the OpenAI / Anthropic JSON envelope shape
- * (`{ error: { message: "..." } }`) and falls back to the raw string
- * for plain-text bodies. Returns null when nothing useful is available
- * so callers can omit the ": <detail>" tail entirely.
+ * message. Recognises three JSON envelope shapes and falls back to the
+ * raw string for plain-text bodies. Returns null when nothing useful is
+ * available so callers can omit the ": <detail>" tail entirely.
+ *
+ * Recognised envelopes (most-specific first):
+ *   1. OpenAI / Anthropic:  `{ error: { message: "..." } }`
+ *   2. Top-level message:   `{ message: "..." }`
+ *   3. Codex Responses:     `{ detail: "..." }` (Phase v4.1.2-bug3 —
+ *      surfaced by slice5: the Codex backend at chatgpt.com/backend-api/
+ *      codex/responses returns 4xx bodies in this shape, e.g.
+ *      `{"detail": "The 'gpt-5.1-codex-max' model is not supported..."}`)
  *
  * Truncates to 300 chars to keep multi-line responses from blowing
  * up the user's terminal — full body remains on `error.raw` for
@@ -45,6 +54,15 @@ function formatRawForMessage(raw) {
         if (typeof topMsg === 'string' && topMsg.length > 0) {
             return topMsg.length > 300 ? `${topMsg.slice(0, 300)}…` : topMsg;
         }
+        // Codex Responses envelope: { detail: "..." }. Distinct from the
+        // OpenAI shape — the Codex backend uses FastAPI-style validation
+        // errors that surface as `detail` (str) for tier/auth rejections
+        // and `detail: [{...}]` for schema errors. Only the string form is
+        // useful in the message tail; the array form is left to .raw.
+        const detail = raw.detail;
+        if (typeof detail === 'string' && detail.length > 0) {
+            return detail.length > 300 ? `${detail.slice(0, 300)}…` : detail;
+        }
         return null;
     }
     // Plain string body.
@@ -93,3 +111,93 @@ class ProviderRateLimitError extends ProviderError {
     }
 }
 exports.ProviderRateLimitError = ProviderRateLimitError;
+function classifyProviderError(err) {
+    if (err == null)
+        return 'other';
+    // 1. Type-based class detection (fastest, most structured).
+    if (err instanceof ProviderRateLimitError)
+        return 'rate_limit';
+    if (err instanceof ProviderTimeoutError)
+        return 'transport';
+    if (err instanceof ProviderError) {
+        if (err.statusCode === 413)
+            return 'context_overflow';
+        if (err.statusCode === 429)
+            return 'rate_limit';
+        if (err.statusCode === 401 || err.statusCode === 403)
+            return 'auth';
+    }
+    // 2. Fall back to message scanning. Adapters that pass through the
+    //    upstream JSON `error.message` verbatim land here.
+    const msg = err instanceof Error ? err.message : String(err);
+    const lc = msg.toLowerCase();
+    // Context overflow / 413 family. Groq's free-tier TPM cap triggers
+    // these on the first turn once the prompt + tool schemas inflate.
+    if (lc.includes('413') ||
+        lc.includes('context_length_exceeded') ||
+        lc.includes('context length') ||
+        lc.includes('too large') ||
+        lc.includes('maximum context length') ||
+        lc.includes('payload too large')) {
+        return 'context_overflow';
+    }
+    // Rate-limit family — 429 / TPM / quota / "too many requests".
+    if (lc.includes('429') ||
+        lc.includes('rate_limit') ||
+        lc.includes('rate limit') ||
+        lc.includes('too many requests') ||
+        lc.includes('quota') ||
+        lc.includes('tpm')) {
+        return 'rate_limit';
+    }
+    // Auth family — 401 / 403 / invalid keys / unauthenticated.
+    if (lc.includes('401') ||
+        lc.includes('403') ||
+        lc.includes('invalid_api_key') ||
+        lc.includes('invalid api key') ||
+        lc.includes('unauthenticated') ||
+        lc.includes('unauthorized') ||
+        lc.includes('forbidden')) {
+        return 'auth';
+    }
+    // Transport — network, DNS, timeouts that escaped the typed path.
+    if (lc.includes('econnrefused') ||
+        lc.includes('enotfound') ||
+        lc.includes('etimedout') ||
+        lc.includes('socket hang up') ||
+        lc.includes('network')) {
+        return 'transport';
+    }
+    return 'other';
+}
+/**
+ * v4.1.3-prebump: produce a single-sentence actionable hint for the
+ * given error class. Returns null for `'other'` so the caller can keep
+ * its existing default suggestion. Provider name is surfaced where it
+ * sharpens the advice ("groq rate-limited" reads clearer than
+ * "rate limit").
+ *
+ * Pure helper. The REPL displays the result; tests assert it. No
+ * registry / state access — feed it the class + provider name.
+ */
+function suggestForErrorClass(cls, providerName) {
+    const p = providerName ?? 'this provider';
+    switch (cls) {
+        case 'context_overflow':
+            return (`${p} returned 413 (context too large). The combined system prompt ` +
+                `+ tool schemas exceed ${p}'s context window. Try \`/model\` to ` +
+                `switch to a provider with more headroom (chatgpt-plus, anthropic, ` +
+                `deepseek).`);
+        case 'rate_limit':
+            return (`${p} is rate-limited. Wait a minute, or run \`/model\` to switch ` +
+                `to another authed provider while ${p} cools off.`);
+        case 'auth':
+            return (`${p} rejected the credentials. Run \`/auth status\` (or check the ` +
+                `relevant API key env var) and \`/auth login\` if needed.`);
+        case 'transport':
+            return (`Network or transport error reaching ${p}. Check connectivity, then ` +
+                `retry — or \`/model\` to a local provider (ollama) for offline work.`);
+        case 'other':
+            return null;
+    }
+}

package/dist/providers/v4/modelDefaults.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * providers/v4/modelDefaults.ts — Phase v4.1.2-deepseek.
+ *
+ * Per-model default request parameters. Keyed by `${providerId}:${modelId}`
+ * so the same model slug appearing under multiple providers doesn't
+ * collide (e.g. a future shared-slug case across compat endpoints).
+ *
+ * Today's only consumer:
+ *   deepseek:deepseek-v4-pro → always send extra_body.thinking +
+ *   reasoning_effort, per DeepSeek's V4-Pro API guidance:
+ *
+ *     client.chat.completions.create(
+ *       model="deepseek-v4-pro",
+ *       messages=...,
+ *       reasoning_effort="high",
+ *       extra_body={"thinking": {"type": "enabled"}},
+ *     )
+ *
+ * The defaults are merged into the wire body by ChatCompletionsAdapter:
+ *   base body → defaultExtraBody (from this map) → per-call extraBody
+ *   (from the caller's ProviderCallInput)
+ *
+ * Per-call extraBody wins so a caller can disable thinking on a single
+ * request without un-registering the model default.
+ *
+ * Adding a new entry: keep this file small. Per-model knowledge lives
+ * here so resolver / registry / adapter stay pure (credential
+ * resolution / provider facts / wire-format mechanics respectively).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODEL_DEFAULTS = void 0;
+exports.getModelDefaults = getModelDefaults;
+/**
+ * Per-`${providerId}:${modelId}` defaults. `undefined` lookup means
+ * the model takes no special handling.
+ */
+exports.MODEL_DEFAULTS = Object.freeze({
+    // DeepSeek V4 Pro — thinking-mode flagship.
+    // Reference: https://api-docs.deepseek.com/ (verified 2026-05).
+    // deepseek-v4-flash exists too but is not wired this slice; its
+    // legacy aliases (deepseek-chat = v4-flash non-think,
+    // deepseek-reasoner = v4-flash think) stay un-defaulted to preserve
+    // the existing pass-through behavior for users who explicitly
+    // selected them.
+    'deepseek:deepseek-v4-pro': {
+        extraBody: {
+            thinking: { type: 'enabled' },
+            reasoning_effort: 'high',
+        },
+    },
+});
+/**
+ * Look up defaults for a (provider, model) pair. Returns `undefined`
+ * when no entry exists — caller skips the extraBody merge.
+ */
+function getModelDefaults(providerId, modelId) {
+    return exports.MODEL_DEFAULTS[`${providerId}:${modelId}`];
+}