aiden-runtime 4.6.0 → 4.7.0

package/dist/core/v4/aidenAgent.js

@@ -372,25 +372,21 @@ class AidenAgent {
         // 8. Run the tool-calling loop.
         const loopResult = await this.runTurnLoop(messages, narrowedTools, trackers, options);
         // 9. Honesty post-loop scan (only if loop ended with a normal stop).
+        //
+        // v4.7.0 Phase 2.3 — the verifier now records deterministic
+        // outcome events from `toolCallTrace` (not regex over the
+        // assistant's text). When `findings.length > 0` AND mode is
+        // `enforce`, it returns an append-only `footer` we concatenate
+        // to `finalContent`. The model's text is NEVER rewritten —
+        // that was the v4.6.x failure mode this verifier replaces.
         let honestyFindings;
         let finalContent = loopResult.finalContent;
         if (this.honestyEnforcement && loopResult.finishReason === 'stop') {
             try {
                 const scan = await this.honestyEnforcement.check(finalContent, loopResult.messages, loopResult.toolCallTrace);
-                if (!scan.passed) {
-                    honestyFindings = scan.findings;
-                    if (scan.correctedResponse) {
-                        finalContent = scan.correctedResponse;
-                        // Reflect the corrected text in the message history too so
-                        // /debug-prompt and /usage agree on the final string.
-                        for (let i = loopResult.messages.length - 1; i >= 0; i--) {
-                            const m = loopResult.messages[i];
-                            if (m.role === 'assistant' && (!m.toolCalls || m.toolCalls.length === 0)) {
-                                loopResult.messages[i].content = finalContent;
-                                break;
-                            }
-                        }
-                    }
+                honestyFindings = scan.findings;
+                if (scan.footer) {
+                    finalContent = `${finalContent}\n\n${scan.footer}`;
                 }
             }
             catch {
@@ -970,6 +966,15 @@ class AidenAgent {
                     result: result.result,
                     error: result.error,
                     verified: this.resolveVerifiedFlag?.(result),
+                    // v4.7.0 Phase 2.3 — stamp the handler's `mutates` flag
+                    // at dispatch time so the post-loop honesty verifier can
+                    // distinguish mutating vs read-only failures without
+                    // needing a registry handle. Defaults to `false` for
+                    // unknown tools (the resolver returns undefined) — read-
+                    // only tools that error are surfaced via the tool-trail
+                    // row already; the verifier deliberately stays quiet
+                    // about them.
+                    handlerMutates: this.resolveMutates?.(call.name) ?? false,
                     // v4.2 Phase 1 — verification surfaces alongside the trace
                     // entry for downstream callers (chatSession, loopTrace,
                     // future RecoveryReport). Undefined when TCE is off.

package/dist/core/v4/providers/modelFetch.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/providers/modelFetch.ts — ONB1 slice 6.
+ *
+ * Live `/models` enumeration used by the onboarding model picker.
+ * Six providers have first-class live-fetch implementations:
+ *   - anthropic   GET  https://api.anthropic.com/v1/models
+ *   - openai      GET  https://api.openai.com/v1/models
+ *   - groq        GET  https://api.groq.com/openai/v1/models
+ *   - openrouter  GET  https://openrouter.ai/api/v1/models
+ *   - gemini      GET  https://generativelanguage.googleapis.com/v1beta/models
+ *   - ollama      GET  http://localhost:11434/api/tags
+ *
+ * Every other provider falls through to the curated MODEL_CATALOG
+ * static list (providers/v4/modelCatalog.ts).
+ *
+ * Behaviour contract:
+ *   - 5-second hard timeout per request (configurable).
+ *   - On any failure (network, non-2xx, malformed body) we return the
+ *     static fallback with `{ source: 'fallback', reason }` so the
+ *     picker can show the muted "Couldn't reach API" hint.
+ *   - Results are sorted with "recommended" / default models first,
+ *     then by display name.
+ *   - No client-side cost-tier annotation — the curated catalog owns
+ *     pricing where it's known; the picker shows "$" tiers from the
+ *     fallback only.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchModels = fetchModels;
+const modelCatalog_1 = require("../../../providers/v4/modelCatalog");
+const DEFAULT_TIMEOUT_MS = 5000;
+function tierFromPricing(p) {
+    if (!p)
+        return undefined;
+    const avg = (p.inputPerM + p.outputPerM) / 2;
+    if (avg <= 0)
+        return 'free';
+    if (avg < 2)
+        return '$';
+    if (avg < 10)
+        return '$$';
+    return '$$$';
+}
+function fallbackFor(providerId, reason) {
+    const entries = modelCatalog_1.MODEL_CATALOG.filter((m) => m.providerId === providerId);
+    const models = entries
+        .sort((a, b) => Number(b.isDefault) - Number(a.isDefault) || a.displayName.localeCompare(b.displayName))
+        .map((m) => ({
+        id: m.id,
+        displayName: m.displayName,
+        contextLength: m.contextLength,
+        recommended: m.isDefault,
+        tier: tierFromPricing(m.pricing),
+    }));
+    return { models, source: 'fallback', reason };
+}
+function withTimeout(p, ms) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(() => reject(new Error(`Timed out after ${ms}ms`)), ms);
+        p.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
+    });
+}
+function normalise(providerId, raws) {
+    // Cross-reference the static catalog for recommended flags + display names
+    // (live responses rarely include the friendly name).
+    const cat = new Map(modelCatalog_1.MODEL_CATALOG.filter((m) => m.providerId === providerId).map((m) => [m.id, m]));
+    return raws
+        .filter((m) => m && typeof m.id === 'string' && m.id.length > 0)
+        .map((m) => {
+        const c = cat.get(m.id);
+        return {
+            id: m.id,
+            displayName: c?.displayName ?? m.display_name ?? m.name ?? m.id,
+            contextLength: c?.contextLength ?? m.context_length,
+            recommended: c?.isDefault,
+            tier: tierFromPricing(c?.pricing),
+        };
+    })
+        .sort((a, b) => Number(b.recommended) - Number(a.recommended) || a.displayName.localeCompare(b.displayName));
+}
+async function fetchAnthropic(o) {
+    const res = await withTimeout(o.fetchImpl('https://api.anthropic.com/v1/models', {
+        headers: { 'x-api-key': o.apiKey, 'anthropic-version': '2023-06-01' },
+    }), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return body.data ?? [];
+}
+async function fetchOpenAICompat(url, o) {
+    const res = await withTimeout(o.fetchImpl(url, {
+        headers: { Authorization: `Bearer ${o.apiKey}` },
+    }), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return body.data ?? [];
+}
+async function fetchGemini(o) {
+    const url = `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(o.apiKey)}`;
+    const res = await withTimeout(o.fetchImpl(url), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    // Gemini ids come back as "models/gemini-2.0-flash" — strip the prefix.
+    return (body.models ?? []).map((m) => ({
+        id: m.name.replace(/^models\//, ''),
+        display_name: m.displayName,
+        context_length: m.inputTokenLimit,
+    }));
+}
+async function fetchOllama(baseUrl, o) {
+    const res = await withTimeout(o.fetchImpl(`${baseUrl.replace(/\/+$/, '')}/api/tags`), o.timeoutMs);
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+    const body = await res.json();
+    return (body.models ?? []).map((m) => ({ id: m.name, display_name: m.name }));
+}
+/**
+ * Fetch available models for `providerId`, falling back to the
+ * curated catalog when the live endpoint is unreachable, the key is
+ * missing, or the response is malformed.
+ */
+async function fetchModels(opts) {
+    const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const fetchImpl = opts.fetchImpl ?? fetch;
+    const apiKey = opts.apiKey ?? '';
+    try {
+        let raws;
+        switch (opts.providerId) {
+            case 'anthropic':
+                if (!apiKey)
+                    return fallbackFor('anthropic', 'no API key');
+                raws = await fetchAnthropic({ apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'openai':
+                if (!apiKey)
+                    return fallbackFor('openai', 'no API key');
+                raws = await fetchOpenAICompat('https://api.openai.com/v1/models', { apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'groq':
+                if (!apiKey)
+                    return fallbackFor('groq', 'no API key');
+                raws = await fetchOpenAICompat('https://api.groq.com/openai/v1/models', { apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'openrouter':
+                // OpenRouter exposes /models without auth, but auth gives the user's
+                // available subset — we use the public list to populate the picker.
+                raws = await fetchOpenAICompat('https://openrouter.ai/api/v1/models', { apiKey: apiKey || 'anon', timeoutMs, fetchImpl });
+                break;
+            case 'gemini':
+                if (!apiKey)
+                    return fallbackFor('gemini', 'no API key');
+                raws = await fetchGemini({ apiKey, timeoutMs, fetchImpl });
+                break;
+            case 'ollama':
+                raws = await fetchOllama(opts.baseUrl ?? 'http://localhost:11434', { timeoutMs, fetchImpl });
+                break;
+            default:
+                // Every other provider — together, nvidia, deepseek, mistral, custom,
+                // claude-pro, chatgpt-plus, etc. — uses the curated catalog.
+                return fallbackFor(opts.providerId);
+        }
+        const models = normalise(opts.providerId, raws);
+        if (models.length === 0)
+            return fallbackFor(opts.providerId, 'empty live response');
+        return { models, source: 'live' };
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        return fallbackFor(opts.providerId, reason);
+    }
+}

package/dist/core/v4/providers/probe.js

@@ -0,0 +1,275 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/providers/probe.ts — ONB1 slice 7.
+ *
+ * Three-step connection validator run after the user enters an API
+ * key during the onboarding flow. Replaces the wizard's single
+ * `validateProviderKey` round-trip with discrete probes so the user
+ * sees exactly which capability fails:
+ *
+ *   Step 1  Sending test request    → key + auth header accepted
+ *   Step 2  Verifying model access  → chosen model is reachable
+ *   Step 3  Checking tool calls     → tool_use is supported
+ *
+ * Each step returns a `ProbeStepResult` independently; the runner
+ * stops on the first failure. The error envelope is categorised so
+ * the UX can branch: auth → "key was rejected"; rate-limit → "wait
+ * or try another provider"; model-not-found → "model not on this
+ * key's allow-list"; network → "couldn't reach API".
+ *
+ * No client-side cost: each probe uses the cheapest call available
+ * (max_tokens=1, GET /models, or a no-op tool-definition send).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runProbe = runProbe;
+const DEFAULT_TIMEOUT_MS = 8000;
+function withTimeout(p, ms) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(() => reject(Object.assign(new Error(`timed out after ${ms}ms`), { code: 'TIMEOUT' })), ms);
+        p.then((v) => { clearTimeout(t); resolve(v); }, (e) => { clearTimeout(t); reject(e); });
+    });
+}
+function classifyStatus(status, retryAfter) {
+    if (status === 401 || status === 403)
+        return { category: 'auth', reason: 'API key rejected' };
+    if (status === 404)
+        return { category: 'model-not-found', reason: 'Model not on this key\'s allow-list' };
+    if (status === 429) {
+        const sec = retryAfter ? parseInt(retryAfter, 10) : undefined;
+        return { category: 'rate-limit', reason: 'Rate-limited by provider', retryAfterSec: Number.isFinite(sec ?? NaN) ? sec : undefined };
+    }
+    if (status >= 500)
+        return { category: 'network', reason: `Upstream error (HTTP ${status})` };
+    return { category: 'unknown', reason: `HTTP ${status}` };
+}
+function classifyError(err) {
+    if (err && typeof err === 'object') {
+        const e = err;
+        if (e.code === 'TIMEOUT' || e.name === 'AbortError')
+            return { category: 'network', reason: 'Request timed out' };
+        const msg = e.message ?? String(err);
+        return { category: 'network', reason: msg.length > 160 ? msg.slice(0, 157) + '...' : msg };
+    }
+    return { category: 'unknown', reason: String(err) };
+}
+/**
+ * Step 1 — key works. Cheapest GET we can issue per provider; for
+ * Anthropic we POST a 1-token /v1/messages because they don't expose
+ * a no-auth /models for keys without billing.
+ */
+function buildAuthRequest(o) {
+    const apiKey = o.apiKey;
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/models',
+                method: 'GET',
+                headers: { 'x-api-key': apiKey, 'anthropic-version': '2023-06-01' },
+            };
+        case 'openai':
+            return { url: 'https://api.openai.com/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'groq':
+            return { url: 'https://api.groq.com/openai/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'openrouter':
+            return { url: 'https://openrouter.ai/api/v1/auth/key', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'gemini':
+            return { url: `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(apiKey)}`, method: 'GET', headers: {} };
+        case 'together':
+            return { url: 'https://api.together.xyz/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'nvidia':
+            return { url: 'https://integrate.api.nvidia.com/v1/models', method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        case 'ollama': {
+            const root = (o.baseUrl ?? 'http://localhost:11434').replace(/\/+$/, '');
+            return { url: `${root}/api/tags`, method: 'GET', headers: {} };
+        }
+        case 'custom': {
+            const root = (o.baseUrl ?? '').replace(/\/+$/, '');
+            if (!root)
+                return null;
+            return { url: `${root}/models`, method: 'GET', headers: { Authorization: `Bearer ${apiKey}` } };
+        }
+        default:
+            return null;
+    }
+}
+/**
+ * Step 2 — model access. Re-uses the models list from step 1 when
+ * possible (single GET), but issues a 1-token completion when the
+ * provider's /models is incomplete (Anthropic returns paginated;
+ * Ollama returns local tags only). The runner caches the step-1
+ * body so step 2 doesn't double-fetch.
+ */
+function buildModelCheckRequest(o) {
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/messages',
+                method: 'POST',
+                headers: {
+                    'x-api-key': o.apiKey,
+                    'anthropic-version': '2023-06-01',
+                    'content-type': 'application/json',
+                },
+                body: JSON.stringify({ model: o.modelId, max_tokens: 1, messages: [{ role: 'user', content: 'ping' }] }),
+            };
+        default:
+            // For OpenAI-compatible providers we trust the /models list parsed
+            // in step 1. The runner short-circuits and just checks membership.
+            return null;
+    }
+}
+function buildToolCheckRequest(o) {
+    switch (o.providerId) {
+        case 'anthropic':
+            return {
+                url: 'https://api.anthropic.com/v1/messages',
+                method: 'POST',
+                headers: { 'x-api-key': o.apiKey, 'anthropic-version': '2023-06-01', 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    model: o.modelId,
+                    max_tokens: 1,
+                    tools: [{ name: 'noop', description: 'noop', input_schema: { type: 'object', properties: {} } }],
+                    messages: [{ role: 'user', content: 'noop' }],
+                }),
+            };
+        case 'openai':
+        case 'groq':
+        case 'openrouter':
+        case 'together':
+        case 'nvidia':
+            return {
+                url: o.providerId === 'openai'
+                    ? 'https://api.openai.com/v1/chat/completions'
+                    : o.providerId === 'groq'
+                        ? 'https://api.groq.com/openai/v1/chat/completions'
+                        : o.providerId === 'openrouter'
+                            ? 'https://openrouter.ai/api/v1/chat/completions'
+                            : o.providerId === 'together'
+                                ? 'https://api.together.xyz/v1/chat/completions'
+                                : 'https://integrate.api.nvidia.com/v1/chat/completions',
+                method: 'POST',
+                headers: { Authorization: `Bearer ${o.apiKey}`, 'content-type': 'application/json' },
+                body: JSON.stringify({
+                    model: o.modelId,
+                    max_tokens: 1,
+                    messages: [{ role: 'user', content: 'noop' }],
+                    tools: [{ type: 'function', function: { name: 'noop', parameters: { type: 'object', properties: {} } } }],
+                }),
+            };
+        default:
+            // Local (Ollama) and providers without tool_use support — skip.
+            return null;
+    }
+}
+async function runRequest(req, o) {
+    const fetchImpl = o.fetchImpl ?? fetch;
+    const timeoutMs = o.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const res = await withTimeout(fetchImpl(req.url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.body,
+    }), timeoutMs);
+    const retryAfter = res.headers.get('retry-after');
+    const bodyText = await res.text().catch(() => '');
+    return { status: res.status, bodyText, retryAfter };
+}
+/**
+ * Run the 3-step probe. Stops on first failure and returns the
+ * partial trace so the UX can render which step turned red.
+ */
+async function runProbe(o) {
+    const steps = [];
+    // Step 1 — auth
+    const authReq = buildAuthRequest(o);
+    let modelsBody = '';
+    if (!authReq) {
+        steps.push({ step: 'auth', ok: false, category: 'unknown', reason: 'No probe endpoint for this provider' });
+        return { ok: false, steps };
+    }
+    try {
+        const r = await runRequest(authReq, o);
+        if (r.status >= 200 && r.status < 300) {
+            steps.push({ step: 'auth', ok: true });
+            modelsBody = r.bodyText;
+        }
+        else {
+            const cls = classifyStatus(r.status, r.retryAfter);
+            steps.push({ step: 'auth', ok: false, ...cls });
+            return { ok: false, steps };
+        }
+    }
+    catch (err) {
+        steps.push({ step: 'auth', ok: false, ...classifyError(err) });
+        return { ok: false, steps };
+    }
+    // Step 2 — model access
+    const modelReq = buildModelCheckRequest(o);
+    if (modelReq) {
+        // Provider needs a real completion call (e.g. Anthropic).
+        try {
+            const r = await runRequest(modelReq, o);
+            if (r.status >= 200 && r.status < 300) {
+                steps.push({ step: 'model', ok: true });
+            }
+            else {
+                const cls = classifyStatus(r.status, r.retryAfter);
+                steps.push({ step: 'model', ok: false, ...cls });
+                return { ok: false, steps };
+            }
+        }
+        catch (err) {
+            steps.push({ step: 'model', ok: false, ...classifyError(err) });
+            return { ok: false, steps };
+        }
+    }
+    else {
+        // OpenAI-compatible: check membership in the /models body from step 1.
+        let found = false;
+        try {
+            const body = JSON.parse(modelsBody);
+            found = !!body.data?.some((m) => m.id === o.modelId);
+        }
+        catch { /* malformed body — treat as unknown */ }
+        if (found) {
+            steps.push({ step: 'model', ok: true });
+        }
+        else {
+            steps.push({ step: 'model', ok: false, category: 'model-not-found', reason: `Model '${o.modelId}' not in this key's catalog` });
+            return { ok: false, steps };
+        }
+    }
+    // Step 3 — tool support
+    const toolReq = buildToolCheckRequest(o);
+    if (!toolReq) {
+        steps.push({ step: 'tools', ok: true });
+        return { ok: true, steps };
+    }
+    try {
+        const r = await runRequest(toolReq, o);
+        if (r.status >= 200 && r.status < 300) {
+            steps.push({ step: 'tools', ok: true });
+            return { ok: true, steps };
+        }
+        // 400 with a body that mentions tools is the typical "model doesn't
+        // support tool_use" signature — we categorise as tool-unsupported
+        // rather than generic auth.
+        if (r.status === 400 && /tool/i.test(r.bodyText)) {
+            steps.push({ step: 'tools', ok: false, category: 'tool-unsupported', reason: 'Model does not support tool calls' });
+        }
+        else {
+            const cls = classifyStatus(r.status, r.retryAfter);
+            steps.push({ step: 'tools', ok: false, ...cls });
+        }
+        return { ok: false, steps };
+    }
+    catch (err) {
+        steps.push({ step: 'tools', ok: false, ...classifyError(err) });
+        return { ok: false, steps };
+    }
+}

package/dist/core/v4/sandboxFs.js

@@ -94,7 +94,7 @@ function expandPathInline(input, cwd) {
 }
 /**
  * Boundary-aware containment check. `path.relative` avoids the
- * `/home/user-evil` vs `/home/user` false positive that a naive
+ * `<root>/user-evil` vs `<root>/user` false positive that a naive
  * `startsWith` would produce.
  */
 function isWithin(child, parent) {

package/dist/core/v4/subagent/childBuilder.js

@@ -33,6 +33,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProviderNotFoundError = exports.SUBAGENT_BLOCKED_TOOL_NAMES = void 0;
 exports.buildChildAgent = buildChildAgent;
 const approvalEngine_1 = require("../../../moat/approvalEngine");
+const honestyEnforcement_1 = require("../../../moat/honestyEnforcement");
 const aidenAgent_1 = require("../aidenAgent");
 const providerFallback_1 = require("../providerFallback");
 // ── Hard-coded blocklist (Q5 from design doc §2) ────────────────────────────
@@ -177,10 +178,16 @@ function buildChildAgent(deps, input) {
     // Pure no-op when runStore is absent (unit tests of buildChildAgent).
     const onToolCall = buildOnToolCall(deps);
     // ── 7. Build the child agent ─────────────────────────────────────────────
-    // Focused worker config: omit plannerGuard, honestyEnforcement,
-    // skillTeacher, skillMiner, contextCompressor, promptCaching,
-    // promptBuilder. Match the daemon agent's "act on the task, don't
-    // self-improve" shape.
+    // Focused worker config: omit plannerGuard, skillTeacher, skillMiner,
+    // contextCompressor, promptCaching, promptBuilder. Match the daemon
+    // agent's "act on the task, don't self-improve" shape.
+    //
+    // v4.7.0: HonestyEnforcement is now structural (reads tool trace only,
+    // no natural-language scanning) and cheap enough to run in subagents.
+    // Mode is 'detect' here — events are captured into the child's run
+    // record but never produce user-visible output (subagents have no
+    // chat surface; the parent assembles their summary).
+    const childHonestyEnforcement = new honestyEnforcement_1.HonestyEnforcement('detect');
     const agent = new aidenAgent_1.AidenAgent({
         provider: childProvider,
         tools: childTools,
@@ -192,6 +199,7 @@ function buildChildAgent(deps, input) {
         resolveVerifiedFlag: deps.resolveVerifiedFlag,
         resolveToolset: deps.resolveToolset,
         resolveMutates: deps.resolveMutates,
+        honestyEnforcement: childHonestyEnforcement,
         onToolCall,
         // iterationBudgetInjection inherits the default (true) — child
         // sees its own remaining-budget hint near the end of the run.