aiden-runtime 4.5.0 → 4.6.1

package/dist/core/v4/providers/modelFetch.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/providers/modelFetch.ts — ONB1 slice 6.
+ *
+ * Live `/models` enumeration used by the onboarding model picker.
+ * Six providers have first-class live-fetch implementations:
+ *   - anthropic   GET  https://api.anthropic.com/v1/models
+ *   - openai      GET  https://api.openai.com/v1/models
+ *   - groq        GET  https://api.groq.com/openai/v1/models
+ *   - openrouter  GET  https://openrouter.ai/api/v1/models
+ *   - gemini      GET  https://generativelanguage.googleapis.com/v1beta/models
+ *   - ollama      GET  http://localhost:11434/api/tags
+ *
+ * Every other provider falls through to the curated MODEL_CATALOG
+ * static list (providers/v4/modelCatalog.ts).
+ *
+ * Behaviour contract:
+ *   - 5-second hard timeout per request (configurable).
+ *   - On any failure (network, non-2xx, malformed body) we return the
+ *     static fallback with `{ source: 'fallback', reason }` so the
+ *     picker can show the muted "Couldn't reach API" hint.
+ *   - Results are sorted with "recommended" / default models first,
+ *     then by display name.
+ *   - No client-side cost-tier annotation — the curated catalog owns
+ *     pricing where it's known; the picker shows "$" tiers from the
+ *     fallback only.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchModels = fetchModels;
+const modelCatalog_1 = require("../../../providers/v4/modelCatalog");
+const DEFAULT_TIMEOUT_MS = 5000;
+function tierFromPricing(p) {
+    if (!p)
+        return undefined;
+    const avg = (p.inputPerM + p.outputPerM) / 2;
+    if (avg <= 0)
+        return 'free';
+    if (avg < 2)
+        return '$';
+    if (avg < 10)
+        return '$$';
+    return '$$$';
+}
+function fallbackFor(providerId, reason) {
+    const entries = modelCatalog_1.MODEL_CATALOG.filter((m) => m.providerId === providerId);
+    const models = entries
+        .sort((a, b) => Number(b.isDefault) - Number(a.isDefault) || a.displayName.localeCompare(b.displayName))
+        .map((m) => ({
+        id: m.id,
+        displayName: m.displayName,
+        contextLength: m.contextLength,
+        recommended: m.isDefault,
+        tier: tierFromPricing(m.pricing),
+    }));
+    return { models, source: 'fallback', reason };
+}
+function withTimeout(p, ms) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(() => reject(new Error(`Timed out after ${ms}ms`)), ms);
+        p.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
+    });
+}
+function normalise(providerId, raws) {
+    // Cross-reference the static catalog for recommended flags + display names
+    // (live responses rarely include the friendly name).
+    const cat = new Map(modelCatalog_1.MODEL_CATALOG.filter((m) => m.providerId === providerId).map((m) => [m.id, m]));
+    return raws
+        .filter((m) => m && typeof m.id === 'string' && m.id.length > 0)
+        .map((m) => {
+        const c = cat.get(m.id);
+        return {
+            id: m.id,
+            displayName: c?.displayName ?? m.display_name ?? m.name ?? m.id,
+            contextLength: c?.contextLength ?? m.context_length,
+            recommended: c?.isDefault,
+            tier: tierFromPricing(c?.pricing),
+        };
+    })
+        .sort((a, b) => Number(b.recommended) - Number(a.recommended) || a.displayName.localeCompare(b.displayName));
+}
+async function fetchAnthropic(o) {
+    const res = await withTimeout(o.fetchImpl('https://api.anthropic.com/v1/models', {
+        headers: { 'x-api-key': o.apiKey, 'anthropic-version': '2023-06-01' },
+    }), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return body.data ?? [];
+}
+async function fetchOpenAICompat(url, o) {
+    const res = await withTimeout(o.fetchImpl(url, {
+        headers: { Authorization: `Bearer ${o.apiKey}` },
+    }), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return body.data ?? [];
+}
+async function fetchGemini(o) {
+    const url = `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(o.apiKey)}`;
+    const res = await withTimeout(o.fetchImpl(url), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    // Gemini ids come back as "models/gemini-2.0-flash" — strip the prefix.
+    return (body.models ?? []).map((m) => ({
+        id: m.name.replace(/^models\//, ''),
+        display_name: m.displayName,
+        context_length: m.inputTokenLimit,
+    }));
+}
+async function fetchOllama(baseUrl, o) {
+    const res = await withTimeout(o.fetchImpl(`${baseUrl.replace(/\/+$/, '')}/api/tags`), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return (body.models ?? []).map((m) => ({ id: m.name, display_name: m.name }));
+}
+/**
+ * Fetch available models for `providerId`, falling back to the
+ * curated catalog when the live endpoint is unreachable, the key is
+ * missing, or the response is malformed.
+ */
+async function fetchModels(opts) {
+    const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const fetchImpl = opts.fetchImpl ?? fetch;
+    const apiKey = opts.apiKey ?? '';
+    try {
+        let raws;
+        switch (opts.providerId) {
+            case 'anthropic':
+                if (!apiKey)
+                    return fallbackFor('anthropic', 'no API key');
+                raws = await fetchAnthropic({ apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'openai':
+                if (!apiKey)
+                    return fallbackFor('openai', 'no API key');
+                raws = await fetchOpenAICompat('https://api.openai.com/v1/models', { apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'groq':
+                if (!apiKey)
+                    return fallbackFor('groq', 'no API key');
+                raws = await fetchOpenAICompat('https://api.groq.com/openai/v1/models', { apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'openrouter':
+                // OpenRouter exposes /models without auth, but auth gives the user's
+                // available subset — we use the public list to populate the picker.
+                raws = await fetchOpenAICompat('https://openrouter.ai/api/v1/models', { apiKey: apiKey || 'anon', timeoutMs, fetchImpl });
+                break;
+            case 'gemini':
+                if (!apiKey)
+                    return fallbackFor('gemini', 'no API key');
+                raws = await fetchGemini({ apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'ollama':
+                raws = await fetchOllama(opts.baseUrl ?? 'http://localhost:11434', { timeoutMs, fetchImpl });
+                break;
+            default:
+                // Every other provider — together, nvidia, deepseek, mistral, custom,
+                // claude-pro, chatgpt-plus, etc. — uses the curated catalog.
+                return fallbackFor(opts.providerId);
+        }
+        const models = normalise(opts.providerId, raws);
+        if (models.length === 0)
+            return fallbackFor(opts.providerId, 'empty live response');
+        return { models, source: 'live' };
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        return fallbackFor(opts.providerId, reason);
+    }
+}

package/dist/core/v4/providers/probe.js

@@ -0,0 +1,275 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/providers/probe.ts — ONB1 slice 7.
+ *
+ * Three-step connection validator run after the user enters an API
+ * key during the onboarding flow. Replaces the wizard's single
+ * `validateProviderKey` round-trip with discrete probes so the user
+ * sees exactly which capability fails:
+ *
+ *   Step 1  Sending test request    → key + auth header accepted
+ *   Step 2  Verifying model access  → chosen model is reachable
+ *   Step 3  Checking tool calls     → tool_use is supported
+ *
+ * Each step returns a `ProbeStepResult` independently; the runner
+ * stops on the first failure. The error envelope is categorised so
+ * the UX can branch: auth → "key was rejected"; rate-limit → "wait
+ * or try another provider"; model-not-found → "model not on this
+ * key's allow-list"; network → "couldn't reach API".
+ *
+ * No client-side cost: each probe uses the cheapest call available
+ * (max_tokens=1, GET /models, or a no-op tool-definition send).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runProbe = runProbe;
+const DEFAULT_TIMEOUT_MS = 8000;
+function withTimeout(p, ms) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(() => reject(Object.assign(new Error(`timed out after ${ms}ms`), { code: 'TIMEOUT' })), ms);
+        p.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
+    });
+}
+function classifyStatus(status, retryAfter) {
+    if (status === 401 || status === 403)
+        return { category: 'auth', reason: 'API key rejected' };
+    if (status === 404)
+        return { category: 'model-not-found', reason: 'Model not on this key\'s allow-list' };
+    if (status === 429) {
+        const sec = retryAfter ? parseInt(retryAfter, 10) : undefined;
+        return { category: 'rate-limit', reason: 'Rate-limited by provider', retryAfterSec: Number.isFinite(sec ?? NaN) ? sec : undefined };
+    }
+    if (status >= 500)
+        return { category: 'network', reason: `Upstream error (HTTP ${status})` };
+    return { category: 'unknown', reason: `HTTP ${status}` };
+}
+function classifyError(err) {
+    if (err && typeof err === 'object') {
+        const e = err;
+        if (e.code === 'TIMEOUT' || e.name === 'AbortError')
+            return { category: 'network', reason: 'Request timed out' };
+        const msg = e.message ?? String(err);
+        return { category: 'network', reason: msg.length > 160 ? msg.slice(0, 157) + '...' : msg };
+    }
+    return { category: 'unknown', reason: String(err) };
+}
+/**
+ * Step 1 — key works. Cheapest GET we can issue per provider; for
+ * Anthropic we POST a 1-token /v1/messages because they don't expose
+ * a no-auth /models for keys without billing.
+ */
+function buildAuthRequest(o) {
+    const apiKey = o.apiKey;
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/models',
+                method: 'GET',
+                headers: { 'x-api-key': apiKey, 'anthropic-version': '2023-06-01' },
+            };
+        case 'openai':
+            return { url: 'https://api.openai.com/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'groq':
+            return { url: 'https://api.groq.com/openai/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'openrouter':
+            return { url: 'https://openrouter.ai/api/v1/auth/key', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'gemini':
+            return { url: `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(apiKey)}`, method: 'GET', headers: {} };
+        case 'together':
+            return { url: 'https://api.together.xyz/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'nvidia':
+            return { url: 'https://integrate.api.nvidia.com/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'ollama': {
+            const root = (o.baseUrl ?? 'http://localhost:11434').replace(/\/+$/, '');
+            return { url: `${root}/api/tags`, method: 'GET', headers: {} };
+        }
+        case 'custom': {
+            const root = (o.baseUrl ?? '').replace(/\/+$/, '');
+            if (!root)
+                return null;
+            return { url: `${root}/models`, method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        }
+        default:
+            return null;
+    }
+}
+/**
+ * Step 2 — model access. Re-uses the models list from step 1 when
+ * possible (single GET), but issues a 1-token completion when the
+ * provider's /models is incomplete (Anthropic returns paginated;
+ * Ollama returns local tags only). The runner caches the step-1
+ * body so step 2 doesn't double-fetch.
+ */
+function buildModelCheckRequest(o) {
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/messages',
+                method: 'POST',
+                headers: {
+                    'x-api-key': o.apiKey,
+                    'anthropic-version': '2023-06-01',
+                    'content-type': 'application/json',
+                },
+                body: JSON.stringify({ model: o.modelId, max_tokens: 1, messages: [{ role: 'user', content: 'ping' }] }),
+            };
+        default:
+            // For OpenAI-compatible providers we trust the /models list parsed
+            // in step 1. The runner short-circuits and just checks membership.
+            return null;
+    }
+}
+function buildToolCheckRequest(o) {
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/messages',
+                method: 'POST',
+                headers: { 'x-api-key': o.apiKey, 'anthropic-version': '2023-06-01', 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    model: o.modelId,
+                    max_tokens: 1,
+                    tools: [{ name: 'noop', description: 'noop', input_schema: { type: 'object', properties: {} } }],
+                    messages: [{ role: 'user', content: 'noop' }],
+                }),
+            };
+        case 'openai':
+        case 'groq':
+        case 'openrouter':
+        case 'together':
+        case 'nvidia':
+            return {
+                url: o.providerId === 'openai'
+                    ? 'https://api.openai.com/v1/chat/completions'
+                    : o.providerId === 'groq'
+                        ? 'https://api.groq.com/openai/v1/chat/completions'
+                        : o.providerId === 'openrouter'
+                            ? 'https://openrouter.ai/api/v1/chat/completions'
+                            : o.providerId === 'together'
+                                ? 'https://api.together.xyz/v1/chat/completions'
+                                : 'https://integrate.api.nvidia.com/v1/chat/completions',
+                method: 'POST',
+                headers: { Authorization: `Bearer ${o.apiKey}`, 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    model: o.modelId,
+                    max_tokens: 1,
+                    messages: [{ role: 'user', content: 'noop' }],
+                    tools: [{ type: 'function', function: { name: 'noop', parameters: { type: 'object', properties: {} } } }],
+                }),
+            };
+        default:
+            // Local (Ollama) and providers without tool_use support — skip.
+            return null;
+    }
+}
+async function runRequest(req, o) {
+    const fetchImpl = o.fetchImpl ?? fetch;
+    const timeoutMs = o.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const res = await withTimeout(fetchImpl(req.url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.body,
+    }), timeoutMs);
+    const retryAfter = res.headers.get('retry-after');
+    const bodyText = await res.text().catch(() => '');
+    return { status: res.status, bodyText, retryAfter };
+}
+/**
+ * Run the 3-step probe. Stops on first failure and returns the
+ * partial trace so the UX can render which step turned red.
+ */
+async function runProbe(o) {
+    const steps = [];
+    // Step 1 — auth
+    const authReq = buildAuthRequest(o);
+    let modelsBody = '';
+    if (!authReq) {
+        steps.push({ step: 'auth', ok: false, category: 'unknown', reason: 'No probe endpoint for this provider' });
+        return { ok: false, steps };
+    }
+    try {
+        const r = await runRequest(authReq, o);
+        if (r.status >= 200 && r.status < 300) {
+            steps.push({ step: 'auth', ok: true });
+            modelsBody = r.bodyText;
+        }
+        else {
+            const cls = classifyStatus(r.status, r.retryAfter);
+            steps.push({ step: 'auth', ok: false, ...cls });
+            return { ok: false, steps };
+        }
+    }
+    catch (err) {
+        steps.push({ step: 'auth', ok: false, ...classifyError(err) });
+        return { ok: false, steps };
+    }
+    // Step 2 — model access
+    const modelReq = buildModelCheckRequest(o);
+    if (modelReq) {
+        // Provider needs a real completion call (e.g. Anthropic).
+        try {
+            const r = await runRequest(modelReq, o);
+            if (r.status >= 200 && r.status < 300) {
+                steps.push({ step: 'model', ok: true });
+            }
+            else {
+                const cls = classifyStatus(r.status, r.retryAfter);
+                steps.push({ step: 'model', ok: false, ...cls });
+                return { ok: false, steps };
+            }
+        }
+        catch (err) {
+            steps.push({ step: 'model', ok: false, ...classifyError(err) });
+            return { ok: false, steps };
+        }
+    }
+    else {
+        // OpenAI-compatible: check membership in the /models body from step 1.
+        let found = false;
+        try {
+            const body = JSON.parse(modelsBody);
+            found = !!body.data?.some((m) => m.id === o.modelId);
+        }
+        catch { /* malformed body — treat as unknown */ }
+        if (found) {
+            steps.push({ step: 'model', ok: true });
+        }
+        else {
+            steps.push({ step: 'model', ok: false, category: 'model-not-found', reason: `Model '${o.modelId}' not in this key's catalog` });
+            return { ok: false, steps };
+        }
+    }
+    // Step 3 — tool support
+    const toolReq = buildToolCheckRequest(o);
+    if (!toolReq) {
+        steps.push({ step: 'tools', ok: true });
+        return { ok: true, steps };
+    }
+    try {
+        const r = await runRequest(toolReq, o);
+        if (r.status >= 200 && r.status < 300) {
+            steps.push({ step: 'tools', ok: true });
+            return { ok: true, steps };
+        }
+        // 400 with a body that mentions tools is the typical "model doesn't
+        // support tool_use" signature — we categorise as tool-unsupported
+        // rather than generic auth.
+        if (r.status === 400 && /tool/i.test(r.bodyText)) {
+            steps.push({ step: 'tools', ok: false, category: 'tool-unsupported', reason: 'Model does not support tool calls' });
+        }
+        else {
+            const cls = classifyStatus(r.status, r.retryAfter);
+            steps.push({ step: 'tools', ok: false, ...cls });
+        }
+        return { ok: false, steps };
+    }
+    catch (err) {
+        steps.push({ step: 'tools', ok: false, ...classifyError(err) });
+        return { ok: false, steps };
+    }
+}

package/dist/core/v4/runtimeToggles.js

@@ -52,14 +52,41 @@ const ENV_VAR = {
     // env (this is mostly a UX toggle) but included for symmetry with
     // the other subsystem toggles.
     suggestions: 'AIDEN_SUGGESTIONS',
+    // v4.6 Phase 2M — keyword-based per-turn tool narrowing.
+    // Default OFF: smart models (GPT-5.5, Claude Sonnet 4.5+, Opus)
+    // pick tools fine from a full catalog. PlannerGuard adds latency
+    // (1 LLM call when mode=llm_classified) and occasionally strips
+    // tools the model genuinely needed. Opt in for small local models
+    // that get overwhelmed by 50+ tool schemas.
+    planner_guard: 'AIDEN_PLANNER_GUARD',
 };
 const CONFIG_KEY = {
     sandbox: 'runtime_toggles.sandbox',
     tce: 'runtime_toggles.tce',
     browser_depth: 'runtime_toggles.browser_depth',
     suggestions: 'runtime_toggles.suggestions',
+    planner_guard: 'runtime_toggles.planner_guard',
+};
+const ALL_KEYS = [
+    'sandbox', 'tce', 'browser_depth', 'suggestions', 'planner_guard',
+];
+/**
+ * v4.6 Phase 2M — per-key default. Pre-2M every toggle defaulted to
+ * `true` (sandbox/tce/browser-depth/suggestions all ship on); the
+ * `planner_guard` toggle is the first to default `false`, so the
+ * resolver needs a per-key default map rather than a hardcoded `true`.
+ *
+ * Smart models (GPT-5.5, Claude Sonnet 4.5+, Opus) pick from the
+ * full tool catalog without help — keyword-based narrowing is a
+ * legacy workaround for smaller local models, opt in when needed.
+ */
+const DEFAULT_VALUE = {
+    sandbox: true,
+    tce: true,
+    browser_depth: true,
+    suggestions: true,
+    planner_guard: false,
 };
-const ALL_KEYS = ['sandbox', 'tce', 'browser_depth', 'suggestions'];
 // ── Resolver primitives ────────────────────────────────────────────────────
 /**
  * Strict env interpretation matching existing v4.2/v4.3/v4.4
@@ -122,8 +149,8 @@ function buildRuntimeToggles(deps = {}) {
         const cfgValue = readConfig(deps.configRead, key);
         if (cfgValue !== null)
             return { value: cfgValue, source: 'config' };
-        // 4. default
-        return { value: true, source: 'default' };
+        // 4. default (v4.6 Phase 2M — per-key, see DEFAULT_VALUE)
+        return { value: DEFAULT_VALUE[key], source: 'default' };
     }
     function fire(key) {
         const set = subscribers.get(key);