create-walle 0.9.21 → 0.9.22

package/template/wall-e/coding-orchestrator.js

@@ -486,6 +486,78 @@ function parsePlan(output) {
   throw new Error('Failed to parse plan: no valid JSON with non-empty subtasks array found');
 }
 
+function safeBranchSlug(text, fallback = 'task') {
+  const slug = String(text || '')
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .slice(0, 48);
+  return slug || fallback;
+}
+
+function plannerOutputRequestsClarification(output = '') {
+  const text = contentToText(output).toLowerCase();
+  if (!text.trim()) return false;
+  return /\b(?:please|can you|could you)\s+(?:provide|clarify|tell me|share)\b/.test(text)
+    || /\b(?:need|needs|require|required)\s+(?:more|additional)\s+(?:information|context|details)\b/.test(text)
+    || /\b(?:which|what)\s+(?:file|directory|project|repo|repository|path)\b[\s\S]{0,120}\?/.test(text);
+}
+
+function plannerOutputRefusesTask(output = '') {
+  const text = contentToText(output).toLowerCase();
+  if (!text.trim()) return false;
+  return /\b(?:i\s+)?(?:cannot|can't|unable to|not able to)\b[\s\S]{0,160}\b(?:help|comply|perform|complete|do this task)\b/.test(text)
+    || /\b(?:unsafe|not allowed|forbidden|against policy)\b/.test(text);
+}
+
+function shouldRecoverPlannerParseFailure({ request, output, cwd } = {}) {
+  const requestText = contentToText(request);
+  if (!isActionRequiredPrompt(requestText, { mode: 'build' })) return false;
+  if (!cwd) return false;
+  const outputText = contentToText(output);
+  if (plannerOutputRequestsClarification(outputText)) return false;
+  if (plannerOutputRefusesTask(outputText)) return false;
+  return true;
+}
+
+function buildPlannerRecoveryPlan(request, context = {}, parseErr, plannerOutput = '') {
+  const filesHint = Object.keys(context.relevantFiles || {}).slice(0, 12);
+  const plannerNotes = [
+    context.plannerNotes ? `Planner exploration notes:\n${String(context.plannerNotes).slice(0, 2400)}` : '',
+    plannerOutput ? `Unstructured planner output excerpt:\n${contentToText(plannerOutput).slice(0, 1600)}` : '',
+  ].filter(Boolean).join('\n\n');
+  const promptLines = [
+    'The planning model failed to return the strict JSON plan, so this is a recovery build pass.',
+    'Do not stop at analysis, an audit, or another implementation plan.',
+    'Inspect the current workspace, make the concrete code/file changes requested by the user, then run the most relevant verification available.',
+    'If verification is blocked, provide tool-backed evidence of the blocker instead of claiming success.',
+    '',
+    `User request:\n${contentToText(request).trim()}`,
+  ];
+  if (plannerNotes) {
+    promptLines.push('', plannerNotes);
+  }
+  if (parseErr?.message) {
+    promptLines.push('', `Planner failure: ${parseErr.message}`);
+  }
+  return {
+    branch_name: `walle/direct-${safeBranchSlug(request)}`,
+    estimated_scope: 'recovered-single-pass',
+    planning_recovery: {
+      strategy: 'single_build_subtask',
+      reason: parseErr?.message || 'planner did not return valid plan JSON',
+    },
+    subtasks: [{
+      id: '1',
+      title: 'Implement request directly',
+      prompt: promptLines.join('\n'),
+      depends_on: [],
+      verify: { test: true, review: true },
+      files_hint: filesHint,
+    }],
+  };
+}
+
 // buildSubtaskPrompt moved to coding-prompts.js (imported above).
 
 function contentToText(content) {
@@ -605,8 +677,16 @@ function isActionRequiredPrompt(prompt, { mode } = {}) {
 function isPrematureActionResponse(content) {
   const text = contentToText(content);
   if (!text.trim()) return false;
+  if (/\btool budget exhausted\b/i.test(text)) return true;
+  if (/\bwhat was not completed\b/i.test(text)) return true;
+  if (/\bnone of the proposed implementations were written\b/i.test(text)) return true;
+  if (/\bno changes were made\b/i.test(text) && /\b(?:not completed|failed|exhausted|recovery path)\b/i.test(text)) return true;
   if (PROSPECTIVE_WORK_RE.test(text)) return true;
   if (/\bwhat['’]?s wrong\b[\s\S]{0,400}\bfix:/i.test(text)) return true;
+  if (/\b(?:should i|shall i|do you want me to)\s+(?:proceed|continue|apply|implement|make|start|do)\b/i.test(text)) return true;
+  if (/\byour call\b[\s\S]{0,220}\b(?:proceed|continue|phase|prioriti[sz]e|pick|choose|apply|implement)\b/i.test(text)) return true;
+  if (/\b(?:implementation|fix|improvement)\s+plan\b/i.test(text)
+    && /\b(?:next steps?|recommendations?|roadmap|proceed|continue|apply|implement)\b/i.test(text)) return true;
   return false;
 }
 
@@ -2747,20 +2827,34 @@ async function plan(request, cwd, options = {}) {
     if (!result.success) {
       parseErr.message = `Planning failed before producing valid JSON (${result.stderr || 'provider error'}): ${parseErr.message}`;
     }
-    if (process.env.WALLE_PLAN_DEBUG) {
-      const dumpPath = path.join(
-        process.env.WALL_E_DATA_DIR || '/tmp',
-        `planner-debug-${Date.now()}.txt`,
-      );
-      try {
-        fs.writeFileSync(
-          dumpPath,
-          `=== prompt ===\n${prompt}\n\n=== output ===\n${result.output || ''}\n\n=== outputRaw ===\n${result.outputRaw || ''}\n`,
+    if (shouldRecoverPlannerParseFailure({ request, output: result.output, cwd })) {
+      if (onProgress) {
+        onProgress({
+          type: 'planning_recovery',
+          phase: 'planning',
+          step: -1,
+          message: 'Planner returned unstructured output; recovering with a direct implementation subtask.',
+          detail: { reason: parseErr.message },
+        });
+      }
+      planObj = buildPlannerRecoveryPlan(request, context, parseErr, result.output);
+      config._planningRecovery = planObj.planning_recovery;
+    } else {
+      if (process.env.WALLE_PLAN_DEBUG) {
+        const dumpPath = path.join(
+          process.env.WALL_E_DATA_DIR || '/tmp',
+          `planner-debug-${Date.now()}.txt`,
         );
-        parseErr.message += ` (planner debug dumped to ${dumpPath})`;
-      } catch {}
+        try {
+          fs.writeFileSync(
+            dumpPath,
+            `=== prompt ===\n${prompt}\n\n=== output ===\n${result.output || ''}\n\n=== outputRaw ===\n${result.outputRaw || ''}\n`,
+          );
+          parseErr.message += ` (planner debug dumped to ${dumpPath})`;
+        } catch {}
+      }
+      throw parseErr;
     }
-    throw parseErr;
   }
 
   // Enforce max_subtasks

package/template/wall-e/http/model-admin.js

@@ -5,6 +5,10 @@ const path = require('path');
 const http = require('http');
 const { execFile, execFileSync } = require('child_process');
 const { jsonResponse: _jsonResponseDataFirst } = require('./api-utils');
+const {
+  isPortkeyProviderRow,
+  syncPortkeyGatewayModels,
+} = require('../llm/portkey-sync');
 
 let brain = null;
 try { brain = require('../brain'); } catch {}
@@ -90,13 +94,61 @@ function getShellEnvValue(name) {
 
 function getProviderWithMeta(brainApi, provider) {
   const full = brainApi.getModelProviderWithKey(provider.id);
+  const routePolicy = typeof brainApi.getProviderRoutePolicy === 'function'
+    ? brainApi.getProviderRoutePolicy(provider.type)
+    : 'auto';
+  const connectionKind = isPortkeyProviderRow(full || provider) ? 'portkey' : (provider.auth_method && provider.auth_method !== 'api_key' ? provider.auth_method : 'direct');
   return {
     ...provider,
     has_key: !!(full && full.api_key_encrypted),
     is_default_instance: provider.id.endsWith('-default') || provider.id.endsWith('-auto'),
+    connection_kind: connectionKind,
+    route_policy: routePolicy,
   };
 }
 
+function buildGatewaySummary(brainApi) {
+  const providers = brainApi.listModelProviders().map((provider) => {
+    const full = brainApi.getModelProviderWithKey(provider.id) || provider;
+    return { ...provider, ...full };
+  });
+  const portkeyRoutes = providers.filter(isPortkeyProviderRow);
+  const providerTypes = Array.from(new Set(portkeyRoutes.map((route) => route.type))).sort();
+  const routes = portkeyRoutes.map((route) => {
+    const models = brainApi.listModelsByProvider(route.id) || [];
+    return {
+      id: route.id,
+      name: route.name,
+      type: route.type,
+      enabled: route.enabled,
+      model_count: models.length,
+      route_policy: typeof brainApi.getProviderRoutePolicy === 'function' ? brainApi.getProviderRoutePolicy(route.type) : 'auto',
+    };
+  });
+  const policies = {};
+  for (const type of providerTypes) {
+    policies[type] = typeof brainApi.getProviderRoutePolicy === 'function' ? brainApi.getProviderRoutePolicy(type) : 'auto';
+  }
+  const lastSuccess = brainApi.getKv?.('model_gateway_sync:portkey:last_success_at') || '';
+  const lastRun = brainApi.getKv?.('model_gateway_sync:portkey:last_run_at') || '';
+  const lastError = brainApi.getKv?.('model_gateway_sync:portkey:last_error') || '';
+  return [{
+    type: 'portkey',
+    name: 'Portkey Gateway',
+    enabled: portkeyRoutes.some((route) => route.enabled !== 0),
+    route_count: routes.length,
+    provider_count: providerTypes.length,
+    model_count: routes.reduce((sum, route) => sum + route.model_count, 0),
+    provider_types: providerTypes,
+    routes,
+    policies,
+    last_success_at: lastSuccess,
+    last_run_at: lastRun,
+    last_error: lastError,
+    next_sync_hint: 'hourly',
+  }];
+}
+
 async function handleAvailableAgents(req, res) {
   const agents = ['claude', 'codex', 'gemini'];
   const result = {};
@@ -157,6 +209,85 @@ async function handleModelAdminApi(req, res, url) {
     }
   }
 
+  if (p === '/api/models/gateways' && m === 'GET') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      return jsonResponse(res, 200, { gateways: buildGatewaySummary(brainApi) });
+    } catch (e) {
+      return jsonResponse(res, 500, { error: e.message });
+    }
+  }
+
+  if (p === '/api/models/provider-route-policy' && m === 'POST') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      const body = await readSmallJsonBody(req);
+      const result = brainApi.setProviderRoutePolicy({ type: body.type, policy: body.policy });
+      return jsonResponse(res, 200, { ok: true, ...result });
+    } catch (e) {
+      return jsonResponse(res, 400, { error: e.message });
+    }
+  }
+
+  if (p === '/api/models/portkey/sync' && m === 'POST') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      const body = await readSmallJsonBody(req);
+      const result = await syncPortkeyGatewayModels({ brainApi, providerId: body.provider_id || body.providerId || null });
+      return jsonResponse(res, result.errors.length ? 207 : 200, { ok: result.errors.length === 0, ...result });
+    } catch (e) {
+      return jsonResponse(res, 400, { error: e.message });
+    }
+  }
+
+  if (p === '/api/models/portkey/apply-all' && m === 'POST') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      const providers = brainApi.listModelProviders()
+        .map((provider) => brainApi.getModelProviderWithKey(provider.id) || provider)
+        .filter(isPortkeyProviderRow);
+      const types = Array.from(new Set(providers.map((provider) => provider.type))).sort();
+      for (const type of types) brainApi.setProviderRoutePolicy({ type, policy: 'portkey' });
+      return jsonResponse(res, 200, { ok: true, gateway: 'portkey', provider_types: types });
+    } catch (e) {
+      return jsonResponse(res, 400, { error: e.message });
+    }
+  }
+
+  if (p === '/api/models/portkey/disable-default' && m === 'POST') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      const providers = brainApi.listModelProviders()
+        .map((provider) => brainApi.getModelProviderWithKey(provider.id) || provider)
+        .filter(isPortkeyProviderRow);
+      const types = Array.from(new Set(providers.map((provider) => provider.type))).sort();
+      for (const type of types) brainApi.setProviderRoutePolicy({ type, policy: 'auto' });
+      return jsonResponse(res, 200, { ok: true, gateway: 'portkey', provider_types: types });
+    } catch (e) {
+      return jsonResponse(res, 400, { error: e.message });
+    }
+  }
+
+  if (p === '/api/models/gateways/portkey' && m === 'DELETE') {
+    if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
+    try {
+      const providers = brainApi.listModelProviders()
+        .map((provider) => brainApi.getModelProviderWithKey(provider.id) || provider)
+        .filter(isPortkeyProviderRow);
+      const types = Array.from(new Set(providers.map((provider) => provider.type)));
+      let deletedProviders = 0;
+      let deletedModels = 0;
+      for (const provider of providers) {
+        deletedModels += brainApi.deleteModelRegistryByProvider(provider.id) || 0;
+        deletedProviders += brainApi.deleteModelProvider(provider.id) || 0;
+      }
+      for (const type of types) brainApi.setProviderRoutePolicy({ type, policy: 'auto' });
+      return jsonResponse(res, 200, { ok: true, gateway: 'portkey', deleted_providers: deletedProviders, deleted_models: deletedModels });
+    } catch (e) {
+      return jsonResponse(res, 400, { error: e.message });
+    }
+  }
+
   if (p === '/api/models/providers' && m === 'POST') {
     if (!brainApi) return jsonResponse(res, 500, { error: 'Wall-E brain not available' });
     try {

package/template/wall-e/lib/service-health.js

@@ -0,0 +1,194 @@
+'use strict';
+
+const TRANSIENT_PROVIDER_ISSUE_MAX_AGE_MS = 6 * 60 * 60 * 1000;
+
+function asTime(value) {
+  const t = value ? Date.parse(value) : NaN;
+  return Number.isFinite(t) ? t : 0;
+}
+
+function normalizedProviderIssue(alert) {
+  if (!alert || typeof alert !== 'object') return null;
+  const issue = alert.providerError || alert.provider_error || {};
+  const type = String(issue.type || alert.type || '').toLowerCase();
+  const service = String(alert.service || '').toLowerCase();
+  const looksProvider = service === 'ai_provider' || type.startsWith('ai_provider') || !!alert.provider || !!issue.provider;
+  if (!looksProvider) return null;
+  return {
+    id: alert.id || '',
+    type: issue.type || alert.type || 'provider_error',
+    severity: issue.severity || alert.severity || 'error',
+    title: issue.title || alert.title || 'AI provider issue',
+    message: issue.userMessage || issue.message || alert.message || 'Wall-E could not get a provider response.',
+    provider: issue.provider || alert.provider || '',
+    model: issue.model || alert.model || '',
+    status: issue.status || alert.status || '',
+    rawMessage: issue.rawMessage || issue.raw_message || alert.rawMessage || '',
+    actionUrl: issue.actionUrl || issue.action_url || alert.action_url || '/setup.html',
+    actionLabel: issue.actionLabel || issue.action_label || alert.action_label || 'Open Setup',
+    created_at: alert.created_at || issue.createdAt || issue.created_at || '',
+  };
+}
+
+function providerMatches(issue, activeProvider, activeModel) {
+  if (!issue) return false;
+  const provider = String(issue.provider || '').toLowerCase();
+  const model = String(issue.model || '').toLowerCase();
+  const ap = String(activeProvider || '').toLowerCase();
+  const am = String(activeModel || '').toLowerCase();
+  if (ap && provider && provider === ap) return true;
+  if (am && model && model === am) return true;
+  return !ap && !am;
+}
+
+function isStickyProviderIssue(issue) {
+  const text = `${issue.type || ''} ${issue.title || ''} ${issue.message || ''}`.toLowerCase();
+  return /auth|quota|billing|credit|insufficient|invalid|forbidden|unauthorized|permission/.test(text);
+}
+
+function isCurrentProviderIssue(issue, opts, nowMs) {
+  if (!providerMatches(issue, opts.activeProvider, opts.activeModel)) return false;
+  if (isStickyProviderIssue(issue)) return true;
+  const created = asTime(issue.created_at);
+  if (!created) return true;
+  return nowMs - created <= (opts.transientProviderMaxAgeMs || TRANSIENT_PROVIDER_ISSUE_MAX_AGE_MS);
+}
+
+function skillNameFromAlert(alert) {
+  if (!alert) return '';
+  if (alert.skill) return String(alert.skill);
+  const service = String(alert.service || '');
+  if (service && service !== 'ai_provider' && service !== 'system') return service;
+  const msg = String(alert.message || '');
+  const quoted = msg.match(/Skill\s+"([^"]+)"/i);
+  if (quoted) return quoted[1];
+  const named = msg.match(/Skill\s+([A-Za-z0-9_.-]+)/i);
+  return named ? named[1] : '';
+}
+
+function isDisabledSkillAlert(alert) {
+  return !!alert && String(alert.type || '').toLowerCase() === 'skill_disabled';
+}
+
+function isIntegrationAlert(alert) {
+  if (!alert || isDisabledSkillAlert(alert)) return false;
+  const type = String(alert.type || '').toLowerCase();
+  const action = String(alert.action || '').toLowerCase();
+  const text = [alert.service, alert.message, alert.integration].filter(Boolean).join(' ').toLowerCase();
+  if (action === 'gws_reauth' || action === 'repair_slack_owner') return true;
+  if (type === 'auth_expired' || type === 'owner_identity_missing') return true;
+  return /(slack|gws|google|gmail|calendar|drive|oauth)/.test(text)
+    && /(auth|reauth|reconnect|expired|token|owner)/.test(text);
+}
+
+function publicAlert(alert) {
+  return {
+    id: alert.id || '',
+    service: alert.service || '',
+    type: alert.type || '',
+    title: alert.title || '',
+    message: alert.message || '',
+    severity: alert.severity || '',
+    action: alert.action || '',
+    action_label: alert.action_label || '',
+    action_url: alert.action_url || '',
+    created_at: alert.created_at || '',
+  };
+}
+
+function summarizeProviderIssue(issue, nowMs) {
+  const created = asTime(issue.created_at);
+  return {
+    id: issue.id,
+    type: issue.type,
+    severity: issue.severity,
+    title: issue.title,
+    message: issue.message,
+    provider: issue.provider,
+    model: issue.model,
+    status: issue.status,
+    action_url: issue.actionUrl,
+    action_label: issue.actionLabel,
+    created_at: issue.created_at,
+    age_ms: created ? Math.max(0, nowMs - created) : null,
+  };
+}
+
+function buildServiceHealth(alerts, options = {}) {
+  const list = Array.isArray(alerts) ? alerts.filter(Boolean) : [];
+  const nowMs = options.nowMs || Date.now();
+  const providerIssues = list
+    .map(normalizedProviderIssue)
+    .filter(Boolean)
+    .sort((a, b) => asTime(b.created_at) - asTime(a.created_at));
+
+  const currentIssue = providerIssues.find((issue) => isCurrentProviderIssue(issue, options, nowMs)) || null;
+  const currentIssueId = currentIssue && currentIssue.id;
+  const providerHistory = providerIssues
+    .filter((issue) => issue.id !== currentIssueId)
+    .map((issue) => summarizeProviderIssue(issue, nowMs));
+
+  const disabledSkills = list.filter(isDisabledSkillAlert).map((alert) => ({
+    ...publicAlert(alert),
+    skill: skillNameFromAlert(alert),
+  }));
+  const integrationAlerts = list
+    .filter((alert) => !normalizedProviderIssue(alert) && !isDisabledSkillAlert(alert) && isIntegrationAlert(alert))
+    .map(publicAlert);
+  const systemAlerts = list
+    .filter((alert) => !normalizedProviderIssue(alert) && !isDisabledSkillAlert(alert) && !isIntegrationAlert(alert))
+    .map(publicAlert);
+
+  let level = 'ok';
+  if (currentIssue) level = currentIssue.severity === 'warning' ? 'warning' : 'error';
+  else if (integrationAlerts.length || disabledSkills.length || systemAlerts.some((a) => a.severity === 'error')) level = 'warning';
+  else if (providerHistory.length || systemAlerts.length) level = 'info';
+
+  const activeLabel = [options.activeProvider, options.activeModel].filter(Boolean).join(' / ');
+  let title = 'Wall-E services healthy';
+  let message = activeLabel ? `${activeLabel} has no current service blocker.` : 'No current service blocker.';
+  if (currentIssue) {
+    title = currentIssue.title || 'Current provider issue';
+    message = currentIssue.message;
+  } else if (integrationAlerts.length || disabledSkills.length) {
+    title = 'Background services need review';
+    const parts = [];
+    if (disabledSkills.length) parts.push(`${disabledSkills.length} disabled skill${disabledSkills.length === 1 ? '' : 's'}`);
+    if (integrationAlerts.length) parts.push(`${integrationAlerts.length} integration alert${integrationAlerts.length === 1 ? '' : 's'}`);
+    message = parts.join(' and ') + '.';
+  } else if (providerHistory.length || systemAlerts.length) {
+    title = 'Older service history';
+    message = 'No current blocker, but older provider or system alerts are available for review.';
+  }
+
+  return {
+    level,
+    title,
+    message,
+    active_provider: {
+      provider: options.activeProvider || '',
+      model: options.activeModel || '',
+    },
+    current_issue: currentIssue ? summarizeProviderIssue(currentIssue, nowMs) : null,
+    disabled_skills: disabledSkills,
+    integration_alerts: integrationAlerts,
+    provider_history: providerHistory,
+    system_alerts: systemAlerts,
+    counts: {
+      total: list.length,
+      current: currentIssue ? 1 : 0,
+      disabled_skills: disabledSkills.length,
+      integration: integrationAlerts.length,
+      provider_history: providerHistory.length,
+      system: systemAlerts.length,
+    },
+    updated_at: new Date(nowMs).toISOString(),
+  };
+}
+
+module.exports = {
+  buildServiceHealth,
+  normalizedProviderIssue,
+  skillNameFromAlert,
+  TRANSIENT_PROVIDER_ISSUE_MAX_AGE_MS,
+};

package/template/wall-e/llm/anthropic.js

@@ -3,6 +3,7 @@
 const Anthropic = require('@anthropic-ai/sdk');
 const { fetchWithRetry } = require('./retry');
 const { filterToSupportedModels, supportedModelsForProvider } = require('./supported-models');
+const { isPortkeyProviderConfig } = require('./portkey');
 
 // ============================================================
 // Environment configuration
@@ -249,6 +250,11 @@ function createAnthropicProvider(config = {}) {
      */
     async listModels(options = {}) {
       const exact = Boolean(options.exact || options.liveOnly);
+      const includeUnknown = Boolean(
+        options.includeUnknown
+        || options.allowUnknown
+        || isPortkeyProviderConfig({ baseUrl, customHeaders })
+      );
       const configuredHeaders = customHeaders || {};
       const hasHeaderCredential = Boolean(
         configuredHeaders['x-api-key']
@@ -289,6 +295,7 @@ function createAnthropicProvider(config = {}) {
           if (/opus/i.test(id) || /-4-7/.test(id)) capabilities.reasoning = true;
           out.push({ id, name: _prettyAnthropicName(id, m.display_name), capabilities });
         }
+        if (includeUnknown) return out;
         const supported = filterToSupportedModels('anthropic', out);
         return supported.length > 0 ? supported : supportedModelsForProvider('anthropic');
       } catch (err) {

package/template/wall-e/llm/client.js

@@ -159,31 +159,38 @@ function getDefaultClient() {
     }
 
     if (providerType === 'anthropic') {
+      const config = _getProviderConfigFromDb(providerType);
+      const hasSpecificConfig = !!(config.apiKey || config.baseUrl || config.customHeaders);
+      if (hasSpecificConfig) {
+        if (!config.apiKey) config.apiKey = dbKey || process.env.ANTHROPIC_API_KEY || process.env.ANTHROPIC_AUTH_TOKEN;
+        _defaultClient = createClient('anthropic', config);
+        return _defaultClient;
+      }
       // If DB has the key, set it in env so createAnthropicFromEnv picks it up
       if (dbKey && !process.env.ANTHROPIC_API_KEY) process.env.ANTHROPIC_API_KEY = dbKey;
       const fromEnv = providerRegistry.createProviderFromEnv('anthropic');
       _defaultClient = fromEnv || createClient('anthropic', { apiKey: dbKey });
     } else {
-      const config = {};
+      const config = _getProviderConfigFromDb(providerType);
       if (providerType === 'openai') {
-        config.apiKey = dbKey || process.env.OPENAI_API_KEY;
-        if (process.env.OPENAI_BASE_URL) config.baseUrl = process.env.OPENAI_BASE_URL;
+        config.apiKey = config.apiKey || dbKey || process.env.OPENAI_API_KEY;
+        if (!config.baseUrl && process.env.OPENAI_BASE_URL) config.baseUrl = process.env.OPENAI_BASE_URL;
       } else if (providerType === 'google') {
-        config.apiKey = dbKey || process.env.GOOGLE_API_KEY || process.env.GEMINI_API_KEY;
+        config.apiKey = config.apiKey || dbKey || process.env.GOOGLE_API_KEY || process.env.GEMINI_API_KEY;
         if (process.env.GOOGLE_AUTH_MODE === 'oauth') {
           config.authMode = 'oauth';
           config.refreshToken = process.env.GOOGLE_REFRESH_TOKEN;
         }
       } else if (providerType === 'ollama') {
-        if (process.env.OLLAMA_BASE_URL) config.baseUrl = process.env.OLLAMA_BASE_URL;
+        if (!config.baseUrl && process.env.OLLAMA_BASE_URL) config.baseUrl = process.env.OLLAMA_BASE_URL;
       } else if (providerType === 'mlx') {
         if (process.env.MLX_MODEL) config.model = process.env.MLX_MODEL;
       } else if (providerType === 'deepseek') {
-        config.apiKey = dbKey || process.env.DEEPSEEK_API_KEY;
-        if (process.env.DEEPSEEK_BASE_URL) config.baseUrl = process.env.DEEPSEEK_BASE_URL;
+        config.apiKey = config.apiKey || dbKey || process.env.DEEPSEEK_API_KEY;
+        if (!config.baseUrl && process.env.DEEPSEEK_BASE_URL) config.baseUrl = process.env.DEEPSEEK_BASE_URL;
       } else if (providerType === 'moonshot') {
-        config.apiKey = dbKey || process.env.MOONSHOT_API_KEY;
-        if (process.env.MOONSHOT_BASE_URL) config.baseUrl = process.env.MOONSHOT_BASE_URL;
+        config.apiKey = config.apiKey || dbKey || process.env.MOONSHOT_API_KEY;
+        if (!config.baseUrl && process.env.MOONSHOT_BASE_URL) config.baseUrl = process.env.MOONSHOT_BASE_URL;
       }
       _defaultClient = createClient(providerType, config);
     }
@@ -198,13 +205,40 @@ function getDefaultClient() {
 function _getProviderKeyFromDb(type) {
   try {
     const brain = require('../brain');
-    const row = brain.getDb().prepare(
-      'SELECT api_key_encrypted FROM model_providers WHERE type = ? AND enabled = 1 AND api_key_encrypted IS NOT NULL ORDER BY updated_at DESC LIMIT 1'
-    ).get(type);
+    const row = typeof brain.getPreferredModelProviderForType === 'function'
+      ? brain.getPreferredModelProviderForType(type)
+      : brain.getDb().prepare(
+        'SELECT api_key_encrypted FROM model_providers WHERE type = ? AND enabled = 1 AND api_key_encrypted IS NOT NULL ORDER BY updated_at DESC LIMIT 1'
+      ).get(type);
     return row?.api_key_encrypted || null;
   } catch { return null; }
 }
 
+function _parseCustomHeaders(value) {
+  if (!value) return undefined;
+  if (typeof value === 'object' && !Array.isArray(value)) return value;
+  if (typeof value !== 'string') return undefined;
+  try { return JSON.parse(value); } catch { return undefined; }
+}
+
+function _getProviderConfigFromDb(type) {
+  try {
+    const brain = require('../brain');
+    const row = typeof brain.getPreferredModelProviderForType === 'function'
+      ? brain.getPreferredModelProviderForType(type)
+      : null;
+    if (!row) return {};
+    const config = {};
+    if (row.api_key_encrypted) config.apiKey = row.api_key_encrypted;
+    if (row.base_url) config.baseUrl = row.base_url;
+    const customHeaders = _parseCustomHeaders(row.custom_headers);
+    if (customHeaders && Object.keys(customHeaders).length > 0) config.customHeaders = customHeaders;
+    return config;
+  } catch {
+    return {};
+  }
+}
+
 /**
  * Clear the cached default client (for testing or env changes).
  */

package/template/wall-e/llm/openai.js

@@ -2,6 +2,7 @@
 
 const { toOpenAI, messagesToOpenAI, responseFromOpenAI } = require('./tool-adapter');
 const { filterToSupportedModels, supportedModelsForProvider } = require('./supported-models');
+const { isPortkeyProviderConfig } = require('./portkey');
 
 // CTM only exposes the OpenAI models it actually routes/evaluates. The
 // provider /v1/models endpoint includes legacy, audio, realtime, search, and
@@ -98,11 +99,17 @@ function createOpenAIProvider(config = {}) {
     },
 
     /**
-     * List supported OpenAI models. We still ask the API for liveness, but
-     * never surface arbitrary /v1/models ids in the setup UI or registry.
+     * List supported OpenAI models. Direct OpenAI remains constrained to CTM's
+     * supported catalog; Portkey/OpenAI-compatible gateways may surface models
+     * that CTM does not know yet, so callers can import raw gateway ids.
      */
     async listModels(options = {}) {
       const exact = Boolean(options.exact || options.liveOnly);
+      const includeUnknown = Boolean(
+        options.includeUnknown
+        || options.allowUnknown
+        || isPortkeyProviderConfig({ baseUrl, customHeaders })
+      );
       // Skip the API call entirely when the key is a known dummy placeholder
       // (e.g. devbox 'sk-ant-api03-unused'). Avoids 401s and unnecessary
       // network round-trips on first boot before the user configures keys.
@@ -117,6 +124,14 @@ function createOpenAIProvider(config = {}) {
           seen.add(id);
           raw.push({ id });
         }
+        if (includeUnknown) {
+          const supportedById = new Map(supportedModelsForProvider('openai').map((model) => [model.id, model]));
+          return raw.map((model) => supportedById.get(model.id) || {
+            id: model.id,
+            name: model.id,
+            capabilities: ['chat'],
+          });
+        }
         const models = filterToSupportedModels('openai', raw);
         return models.length > 0 ? models : supportedModelsForProvider('openai');
       } catch (err) {