dual-brain 0.2.5 → 0.2.6

package/bin/dual-brain.mjs

@@ -946,9 +946,7 @@ async function cmdStatus(args = []) {
       const archive = replit.getSessionArchive(cwd);
       const archiveCount = Array.isArray(archive) ? archive.length : (archive?.count ?? 0);
       console.log(`  session archive: ${archiveCount} session${archiveCount !== 1 ? 's' : ''}`);
-      const openaiPresent  = replit.hasSecret('OPENAI_API_KEY');
-      const anthropicPresent = replit.hasSecret('ANTHROPIC_API_KEY');
-      console.log(`  secrets       : OPENAI_API_KEY=${openaiPresent ? 'set' : 'unset'}  ANTHROPIC_API_KEY=${anthropicPresent ? 'set' : 'unset'}`);
+      // Subscription-only: no API key secrets to check
     }
   } catch { /* replit.mjs not available or not in Replit — skip silently */ }
 
@@ -1981,13 +1979,9 @@ function buildProviderStatusLine(profile, auth, envReport = null) {
   const GREEN = '\x1b[32m●\x1b[0m';
   const RED   = '\x1b[31m●\x1b[0m';
 
-  // Use envReport secrets when available; fall back to auth detection
-  const claudeAvailable = envReport
-    ? envReport.secrets.ANTHROPIC_API_KEY || auth.claude.found
-    : auth.claude.found;
-  const openaiAvailable = envReport
-    ? envReport.secrets.OPENAI_API_KEY || auth.openai.found
-    : auth.openai.found;
+  // Subscription-only detection — no API key secrets
+  const claudeAvailable = auth.claude.found;
+  const openaiAvailable = auth.openai.found;
 
   const claudeDot = claudeAvailable ? GREEN : RED;
   const openaiDot = openaiAvailable ? GREEN : RED;
@@ -2308,13 +2302,9 @@ async function mainScreen(rl, ask) {
     envReport = scanEnvironment(cwd);
   } catch { /* non-fatal */ }
 
-  // ── Studio Console: resolve provider availability ────────────────────────
-  const claudeAvail = envReport
-    ? envReport.secrets?.ANTHROPIC_API_KEY || auth.claude.found
-    : auth.claude.found;
-  const openaiAvail = envReport
-    ? envReport.secrets?.OPENAI_API_KEY || auth.openai.found
-    : auth.openai.found;
+  // ── Studio Console: resolve provider availability (subscription-only) ───
+  const claudeAvail = auth.claude.found;
+  const openaiAvail = auth.openai.found;
 
   // ── Box 2 — Workspace: gather git data ───────────────────────────────────
   let gitBranch       = 'unknown';
@@ -4108,12 +4098,10 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   let claudeAuthLabel = null;
   let claudeAuthType  = null;
   if (claudeReady) {
-    if (caps.claude.source === 'claude-code') {
+    if (caps.claude.source === 'claude-code' || caps.claude.source === 'claude-dir') {
       claudeAuthLabel = 'CLI OAuth'; claudeAuthType = 'cli_oauth';
-    } else if (caps.claude.source === 'env-key') {
-      claudeAuthLabel = 'API key'; claudeAuthType = 'api_key';
     } else {
-      claudeAuthLabel = caps.claude.source || 'detected'; claudeAuthType = 'unknown';
+      claudeAuthLabel = caps.claude.source || 'detected'; claudeAuthType = 'cli_oauth';
     }
     fx.success(`Claude CLI found · ${claudeAuthLabel}`);
   }
@@ -4121,10 +4109,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   // OpenAI / Codex
   let openaiAuthLabel = null;
   let openaiAuthType  = null;
-  if (openaiReady) {
-    openaiAuthLabel = 'API key'; openaiAuthType = 'api_key';
-    fx.success('OpenAI detected · API key');
-  } else if (codexAvailable) {
+  if (openaiReady || codexAvailable) {
     openaiAuthLabel = 'CLI OAuth'; openaiAuthType = 'cli_oauth';
     fx.success('OpenAI Codex CLI found · authenticated');
   }
@@ -4167,7 +4152,6 @@ async function runOnboardingWizard(_detection, cwd, rl) {
     } else if (noProvChoice === 'o') {
       process.stdout.write('\n');
       dimLine('Run: codex login');
-      dimLine('Or add OPENAI_API_KEY to Replit Secrets if using API key auth.');
       dimLine('Then re-run: dual-brain init');
       process.stdout.write('\n');
     }
@@ -4187,9 +4171,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   if (claudeReady) {
     process.stdout.write(`   ${GRAY}Claude${RST}  ${claudeAuthLabel}    ${GREEN}✓ authenticated${RST}\n`);
   }
-  if (openaiReady) {
-    process.stdout.write(`   ${GRAY}OpenAI${RST}  API key    ${GREEN}✓ OPENAI_API_KEY${RST}\n`);
-  } else if (codexAvailable) {
+  if (openaiReady || codexAvailable) {
     process.stdout.write(`   ${GRAY}OpenAI${RST}  CLI OAuth  ${GREEN}✓ authenticated${RST}\n`);
   }
 
@@ -4214,8 +4196,8 @@ async function runOnboardingWizard(_detection, cwd, rl) {
     process.stdout.write('\n');
   } else if (provChoice === 'a') {
     process.stdout.write('\n');
-    if (!claudeReady) dimLine('Claude: run `claude auth login` to authenticate');
-    if (!openaiReady && !codexAvailable) dimLine('OpenAI: set OPENAI_API_KEY or run `codex login`');
+    if (!claudeReady) dimLine('Claude: run `claude login` to authenticate');
+    if (!openaiReady && !codexAvailable) dimLine('OpenAI: run `codex login` to authenticate');
     process.stdout.write('\n');
     process.stdout.write(` ${GRAY}[Enter]${RST} continue with current providers\n\n`);
     await singleKey(['\r', 'q']);
@@ -4238,10 +4220,10 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   }
   if (finalOpenaiEnabled) {
     credEntries.push({
-      id: openaiReady ? 'openai-apikey' : 'openai-codex',
+      id: 'openai-codex',
       provider: 'openai',
-      auth_type: openaiAuthType || 'api_key',
-      source: openaiReady ? 'env_var' : 'cli_oauth',
+      auth_type: 'cli_oauth',
+      source: 'cli_oauth',
       owner: 'user',
       scope: 'local',
       plan_hint: null,
@@ -4263,12 +4245,6 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   const styleMap = { '1': 'auto', '2': 'quality-first', '3': 'cost-saver', '\r': 'auto' };
   const chosenBias = styleMap[styleKey] || 'auto';
 
-  // Metered API note (non-blocking)
-  if (openaiReady && caps.openai.metered) {
-    process.stdout.write('\n');
-    dimLine('OpenAI API key detected — usage is metered, guardrails enabled');
-  }
-
   process.stdout.write('\n');
 
   // Init living docs (non-fatal)
@@ -4294,7 +4270,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
 
   finalProfile.providers.claude = { enabled: finalClaudeEnabled };
   finalProfile.providers.openai = { enabled: finalOpenaiEnabled };
-  finalProfile.apiGuardrail     = caps.openai.metered;
+  finalProfile.apiGuardrail     = false;
   finalProfile.setupComplete    = true;
 
   const enabledCount = [finalClaudeEnabled, finalOpenaiEnabled].filter(Boolean).length;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dual-brain",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "AI orchestration across Claude + OpenAI subscriptions — smart routing, budget awareness, and dual-brain collaboration",
   "type": "module",
   "bin": {

package/src/awareness.mjs

@@ -49,8 +49,6 @@ function detectContainerType() {
 
 function scanSecrets() {
   const keys = [
-    'OPENAI_API_KEY',
-    'ANTHROPIC_API_KEY',
     'NPM_TOKEN',
     'DATABASE_URL',
     'GITHUB_TOKEN',
@@ -282,8 +280,6 @@ export function formatEnvironment(report) {
   if (toolEntries.length) lines.push(`Tools: ${toolEntries.join('  ')}`);
 
   const secretMap = {
-    OPENAI_API_KEY: 'OpenAI',
-    ANTHROPIC_API_KEY: 'Anthropic',
     NPM_TOKEN: 'npm',
     GITHUB_TOKEN: 'GitHub',
     DATABASE_URL: 'PostgreSQL',
@@ -335,8 +331,6 @@ export function getCapabilitySummary(report) {
   if (report.tools.gh?.available) caps.push('github-cli');
   if (report.tools.rg?.available) caps.push('ripgrep');
 
-  if (report.secrets.OPENAI_API_KEY) caps.push('openai-key');
-  if (report.secrets.ANTHROPIC_API_KEY) caps.push('anthropic-key');
 
   if (report.replitTools.installed) {
     for (const c of report.replitTools.capabilities) {
@@ -394,3 +388,38 @@ export function detectAmbiguity(prompt, context = {}) {
 
   return { isAmbiguous: false, reason: null };
 }
+
+/**
+ * Detect whether a user prompt is too vague to act on confidently.
+ *
+ * Checks for:
+ *   - Very short prompts (under 10 chars)
+ *   - No file paths, function names, or specific identifiers
+ *   - Pronoun-only references without antecedents ("fix that thing", "change it")
+ *
+ * @param {string} prompt — the user's raw prompt
+ * @returns {{ ambiguous: boolean, reason: string|null, confidence: number }}
+ */
+export function isAmbiguous(prompt) {
+  if (!prompt || typeof prompt !== 'string') return { ambiguous: true, reason: 'empty-prompt', confidence: 1.0 };
+
+  const trimmed = prompt.trim();
+  if (trimmed.length < 10) return { ambiguous: true, reason: 'too-short', confidence: 0.9 };
+
+  // Check for file paths, function names, specific identifiers
+  const hasSpecifics = /[a-zA-Z_]\w*\.(mjs|js|ts|tsx|jsx|py|go|rs|java|rb|css|html|json|yaml|yml|md|sh)/.test(trimmed)
+    || /[a-zA-Z_]\w*\(\)/.test(trimmed)  // function calls
+    || /`[^`]+`/.test(trimmed)            // backtick-quoted identifiers
+    || /"[^"]{3,}"/.test(trimmed)         // quoted strings
+    || /\b(line|function|class|method|variable|module|component|endpoint|route|table|column)\s+\w+/i.test(trimmed);
+
+  // Vague pronoun patterns
+  const vaguePatterns = /^(fix|change|update|do|make|help|look at|check)\s+(this|that|it|the thing|stuff|things?)$/i;
+  if (vaguePatterns.test(trimmed)) return { ambiguous: true, reason: 'vague-reference', confidence: 0.85 };
+
+  if (!hasSpecifics && trimmed.split(/\s+/).length < 5) {
+    return { ambiguous: true, reason: 'lacks-specifics', confidence: 0.7 };
+  }
+
+  return { ambiguous: false, reason: null, confidence: 0.1 };
+}

package/src/dispatch.mjs

@@ -345,7 +345,6 @@ async function detectRuntime() {
     claudeAvailable && codexAvailable ? 'claude-code'
     : claudeAvailable                 ? 'claude-code'
     : codexAvailable                  ? 'codex-cli'
-    : process.env.CLAUDE_API_KEY || process.env.ANTHROPIC_API_KEY ? 'standalone'
     : 'none';
 
   _runtimeCache = { claudeAvailable, codexAvailable, runtime };

package/src/doctor.mjs

@@ -564,13 +564,13 @@ const VERIFIERS = {
     try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found', probe: 'which claude' }; }
     catch { return { status: 'failed', evidence: 'claude CLI not found', probe: 'which claude' }; }
   }},
-  'openai-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!process.env.OPENAI_API_KEY;
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'OPENAI_API_KEY present' : 'OPENAI_API_KEY missing', probe: 'env check' };
+  'openai-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which codex', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'codex CLI found (subscription auth)', probe: 'which codex' }; }
+    catch { return { status: 'failed', evidence: 'codex CLI not found — run: codex login', probe: 'which codex' }; }
   }},
-  'anthropic-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!(process.env.ANTHROPIC_API_KEY || process.env.CLAUDE_API_KEY);
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'API key present' : 'API key missing', probe: 'env check' };
+  'anthropic-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found (subscription auth)', probe: 'which claude' }; }
+    catch { return { status: 'failed', evidence: 'claude CLI not found — run: claude login', probe: 'which claude' }; }
   }},
   'git-available': { ttl: TTL_TOOL, fn: () => {
     try { const v = execSync('git --version', { stdio: 'pipe', timeout: 2000 }).toString().trim(); return { status: 'verified', evidence: v, probe: 'git --version' }; }

package/src/health.mjs

@@ -94,6 +94,8 @@ export async function getAuthHealthStatus(cwd) {
   return { ok: false, detail: 'Auth: no credentials found (direct check)', source: 'unknown' };
 }
 
+const HEALTH_CHECK_TIMEOUT_MS = 5000;
+
 const HEALTH_FILE = '.dualbrain/health.json';
 
 // Cooldown ladder in minutes: index = attempts - 1, capped at last entry
@@ -327,7 +329,7 @@ export function resetHealth(cwd) {
  * @returns {Promise<{ ok: boolean, status: 'ok'|'timeout'|'error', detail?: string }>}
  */
 export async function pingProvider(url, opts = {}) {
-  const timeoutMs = opts.timeoutMs ?? 5000;
+  const timeoutMs = opts.timeoutMs ?? HEALTH_CHECK_TIMEOUT_MS;
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   try {

package/src/pipeline.mjs

@@ -876,8 +876,8 @@ export async function runPipeline(trigger, prompt, options = {}) {
     try {
       const { suggestModel, getRegistryAge } = await import('./models.mjs');
       const availableProviders = [];
-      if (run.environment?.secrets?.ANTHROPIC_API_KEY || run.environment?.claudeCode?.isInsideClaude) availableProviders.push('anthropic');
-      if (run.environment?.secrets?.OPENAI_API_KEY) availableProviders.push('openai');
+      if (run.environment?.claudeCode?.isInsideClaude || run.environment?.tools?.claude?.available) availableProviders.push('anthropic');
+      if (run.environment?.tools?.codex?.available) availableProviders.push('openai');
 
       const intent = run.promptAnalysis?.intent?.type || 'execute';
       const risk = run.plan?.risk || 'medium';

package/src/profile.mjs

@@ -15,7 +15,7 @@
  *   getHeadModel(profile)          → suggested head model string
  *   detectCapabilities(cwd)        → what we can actually verify
  *   getOnboardingMessage(caps, ws) → honest 2-3 line status message
- *   needsApiGuardrail(caps)        → true if metered API key detected
+ *   detectCapabilities(cwd)        → available providers (subscription-based only)
  *
  * CLI:
  *   node src/profile.mjs                  # show current profile
@@ -136,7 +136,7 @@ function detectEnvironment() {
  * @param {string} [cwd]
  * @returns {Promise<{
  *   claude:       { available: boolean, source: string|null },
- *   openai:       { available: boolean, source: string|null, metered: boolean },
+ *   openai:       { available: boolean, source: string|null },
  *   codex:        { available: boolean, source: string|null },
  *   replitTools:  { available: boolean, checkpoints: boolean },
  * }>}
@@ -144,18 +144,15 @@ function detectEnvironment() {
 async function detectCapabilities(cwd) {
   const root = cwd || process.cwd();
 
-  // --- Claude: running inside Claude Code or has ANTHROPIC_API_KEY or ~/.claude dir ---
+  // --- Claude: running inside Claude Code session or CLI installed ---
   let claudeAvailable = false;
   let claudeSource = null;
 
   if (process.env.CLAUDE_CODE) {
     claudeAvailable = true;
     claudeSource = 'claude-code';
-  } else if (process.env.ANTHROPIC_API_KEY?.length > 0) {
-    claudeAvailable = true;
-    claudeSource = 'api-key';
   } else {
-    // Check for ~/.claude directory (Claude Code installation)
+    // Check for ~/.claude directory (Claude Code installation) or Replit Claude
     const claudeDir = join(homedir(), '.claude');
     const replitClaudeDir = join(root, '.replit-tools', '.claude-persistent');
     if (existsSync(claudeDir) || existsSync(replitClaudeDir)) {
@@ -164,9 +161,6 @@ async function detectCapabilities(cwd) {
     }
   }
 
-  // --- OpenAI: check for OPENAI_API_KEY presence (metered billing) ---
-  const openaiAvailable = !!process.env.OPENAI_API_KEY?.length;
-
   // --- Codex: check if 'codex' is in PATH ---
   let codexAvailable = false;
   let codexSource = null;
@@ -200,9 +194,8 @@ async function detectCapabilities(cwd) {
       source: claudeSource,
     },
     openai: {
-      available: openaiAvailable || codexAvailable,
-      source: openaiAvailable ? 'api-key' : codexAvailable ? 'codex-cli' : null,
-      metered: openaiAvailable && !codexAvailable,
+      available: codexAvailable,
+      source: codexAvailable ? 'codex-cli' : null,
     },
     codex: {
       available: codexAvailable,
@@ -215,18 +208,6 @@ async function detectCapabilities(cwd) {
   };
 }
 
-/**
- * Return true if any metered API key is detected.
- * When true, the system defaults to conservative API usage and should
- * confirm before expensive operations.
- *
- * @param {ReturnType<typeof detectCapabilities> extends Promise<infer T> ? T : never} capabilities
- * @returns {boolean}
- */
-function needsApiGuardrail(capabilities) {
-  return !!(capabilities?.openai?.metered);
-}
-
 /**
  * Generate an honest 2-3 line onboarding/status message based on
  * what we can actually verify.
@@ -237,9 +218,8 @@ function needsApiGuardrail(capabilities) {
  */
 function getOnboardingMessage(capabilities, workStyle = 'balanced') {
   const found = [];
-  if (capabilities?.claude?.available)  found.push('Claude Code');
-  if (capabilities?.openai?.available)  found.push('OpenAI API');
-  if (capabilities?.codex?.available && !capabilities?.openai?.available) found.push('Codex CLI');
+  if (capabilities?.claude?.available)  found.push('Claude · subscription');
+  if (capabilities?.codex?.available)   found.push('OpenAI · Codex subscription');
 
   const styleLabels = {
     'balanced':      'Balanced — smart routing, reviews on important changes',
@@ -258,16 +238,11 @@ function getOnboardingMessage(capabilities, workStyle = 'balanced') {
   lines.push(`Found: ${found.join(', ')}`);
   lines.push(`  Mode: ${modeLabel}`);
 
-  // Tip: suggest OpenAI if only Claude is available
-  if (capabilities?.claude?.available && !capabilities?.openai?.available && !capabilities?.codex?.available) {
+  // Tip: suggest Codex if only Claude is available
+  if (capabilities?.claude?.available && !capabilities?.codex?.available) {
     lines.push('  Tip: Run codex login for dual-brain collaboration');
   }
 
-  // Warn about metered billing
-  if (capabilities?.openai?.metered) {
-    lines.push('  Note: OpenAI API key detected — usage is metered, guardrails enabled');
-  }
-
   return lines.join('\n');
 }
 
@@ -393,9 +368,8 @@ async function runOnboarding(opts = {}) {
 
     // Show what we found honestly
     const foundProviders = [];
-    if (capabilities.claude.available)  foundProviders.push('Claude Code');
-    if (capabilities.openai.available)  foundProviders.push('OpenAI API (metered)');
-    if (capabilities.codex.available && !capabilities.openai.available) foundProviders.push('Codex CLI');
+    if (capabilities.claude.available)  foundProviders.push('Claude · subscription');
+    if (capabilities.codex.available)   foundProviders.push('OpenAI · Codex subscription');
 
     if (foundProviders.length > 0) {
       process.stdout.write(`Detected: ${foundProviders.join(', ')}\n\n`);
@@ -405,15 +379,14 @@ async function runOnboarding(opts = {}) {
 
     // Enable providers based on what's available
     profile.providers.claude.enabled = capabilities.claude.available;
-    profile.providers.openai.enabled = capabilities.openai.available || capabilities.codex.available;
-    profile.apiGuardrail = needsApiGuardrail(capabilities);
+    profile.providers.openai.enabled = capabilities.codex.available;
 
     // If detection missed something, ask
-    if (!capabilities.claude.available && !capabilities.openai.available && !capabilities.codex.available) {
-      const q1 = (await ask('Which AI providers do you have access to?\n  (1) Claude Code only  (2) OpenAI API only  (3) Both  (4) Neither\n> ')).trim();
+    if (!capabilities.claude.available && !capabilities.codex.available) {
+      const q1 = (await ask('Which AI providers do you have access to?\n  (1) Claude only  (2) OpenAI Codex only  (3) Both  (4) Neither\n> ')).trim();
       if (q1 === '1') { profile.providers.claude.enabled = true; }
-      else if (q1 === '2') { profile.providers.claude.enabled = false; profile.providers.openai.enabled = true; profile.apiGuardrail = true; }
-      else if (q1 === '3') { profile.providers.claude.enabled = true; profile.providers.openai.enabled = true; profile.apiGuardrail = true; }
+      else if (q1 === '2') { profile.providers.claude.enabled = false; profile.providers.openai.enabled = true; }
+      else if (q1 === '3') { profile.providers.claude.enabled = true; profile.providers.openai.enabled = true; }
     }
 
     const q3 = (await ask('\nDefault work style?\n  (1) Save usage  (2) Balanced  (3) Best quality\n> ')).trim();
@@ -546,19 +519,16 @@ async function autoSetup(cwd) {
     result.actions.push(`Claude: available (${capabilities.claude.source})`);
   } else {
     profile.providers.claude.enabled = false;
-    result.warnings.push('Claude not detected — install Claude Code or set ANTHROPIC_API_KEY');
+    result.warnings.push('Claude not detected — run: claude login');
   }
 
   // OpenAI / Codex
-  if (capabilities.openai.available) {
+  if (capabilities.codex.available) {
     profile.providers.openai.enabled = true;
-    result.actions.push('OpenAI: API key detected (metered billing — guardrails enabled)');
-  } else if (capabilities.codex.available) {
-    profile.providers.openai.enabled = true;
-    result.actions.push('Codex CLI: available');
+    result.actions.push('Codex CLI: available (subscription)');
   } else {
     profile.providers.openai.enabled = false;
-    result.warnings.push('OpenAI not detected — add OPENAI_API_KEY or install Codex CLI');
+    result.warnings.push('OpenAI not detected — run: codex login');
   }
 
   // Mode
@@ -568,7 +538,6 @@ async function autoSetup(cwd) {
     : 'solo-openai';
   profile.bias = 'balanced';
   profile.workStyle = 'balanced';
-  profile.apiGuardrail = needsApiGuardrail(capabilities);
   profile.capabilities = capabilities;
   profile.detectedAt = new Date().toISOString();
 
@@ -909,17 +878,6 @@ export async function checkCredentialHealth(cred, cwd = process.cwd()) {
       } catch {
         health = 'healthy'; // cli works, auth check unavailable
       }
-    } else if (cred.auth_type === 'api_key') {
-      if (cred.source === 'replit_secret') {
-        try {
-          const { hasSecret } = await import('./replit.mjs');
-          health = hasSecret(cred.env_var || cred.id.toUpperCase().replace(/-/g, '_')) ? 'healthy' : 'unhealthy';
-        } catch { health = 'unknown'; }
-      } else {
-        // env source
-        const varName = cred.env_var || cred.id.toUpperCase().replace(/-/g, '_');
-        health = (process.env[varName] && process.env[varName].length > 0) ? 'healthy' : 'unhealthy';
-      }
     }
   } catch { health = 'unknown'; }
   return { ...cred, health, last_checked_at: new Date().toISOString() };
@@ -949,64 +907,24 @@ export async function detectCredentials(cwd = process.cwd()) {
     });
   }
 
-  // ANTHROPIC_API_KEY
-  if (process.env.ANTHROPIC_API_KEY) {
-    found.push({
-      id: 'anthropic-api-key',
-      provider: 'claude',
-      auth_type: 'api_key',
-      source: 'env',
-      env_var: 'ANTHROPIC_API_KEY',
-      owner: 'user',
-      scope: 'local',
-      plan_hint: null,
-      enabled: true,
-      health: 'healthy',
-      last_checked_at: new Date().toISOString(),
-    });
-  }
-
-  // OPENAI_API_KEY (env)
-  if (process.env.OPENAI_API_KEY) {
+  // Codex CLI (subscription-based OpenAI access)
+  try {
+    execSync('which codex', { stdio: 'pipe', timeout: 2000 });
+    let codexHealth = 'unknown';
+    try { execSync('codex --version', { stdio: 'pipe', timeout: 3000 }); codexHealth = 'healthy'; } catch { codexHealth = 'degraded'; }
     found.push({
-      id: 'openai-api-key',
+      id: 'openai-codex-cli',
       provider: 'openai',
-      auth_type: 'api_key',
-      source: 'env',
-      env_var: 'OPENAI_API_KEY',
+      auth_type: 'cli_oauth',
+      source: 'local_cli',
       owner: 'user',
       scope: 'local',
       plan_hint: null,
       enabled: true,
-      health: 'healthy',
+      health: codexHealth,
       last_checked_at: new Date().toISOString(),
     });
-  }
-
-  // Replit secrets
-  try {
-    const { hasSecret } = await import('./replit.mjs');
-    const secretsToCheck = ['OPENAI_API_KEY', 'ANTHROPIC_API_KEY'];
-    for (const name of secretsToCheck) {
-      if (!process.env[name] && hasSecret(name)) {
-        const provider = name.startsWith('OPENAI') ? 'openai' : 'claude';
-        const id = name.toLowerCase().replace(/_/g, '-') + '-replit';
-        found.push({
-          id,
-          provider,
-          auth_type: 'api_key',
-          source: 'replit_secret',
-          env_var: name,
-          owner: 'user',
-          scope: 'workspace',
-          plan_hint: null,
-          enabled: true,
-          health: 'healthy',
-          last_checked_at: new Date().toISOString(),
-        });
-      }
-    }
-  } catch { /* replit.mjs unavailable */ }
+  } catch { /* codex not in PATH */ }
 
   return found;
 }
@@ -1120,12 +1038,12 @@ export async function getCapabilityManifest(cwd = process.cwd()) {
     budget: { pressure5h: 0, pressure7d: 0 }, source: 'none' };
 
   try {
-    // available: claude CLI or CLAUDE_CODE env or replit-tools claude dir
+    // available: CLAUDE_CODE env, claude CLI, or replit-tools claude dir
     const claudeDir       = join(homedir(), '.claude');
     const replitClaudeDir = join(cwd, '.replit-tools', '.claude-persistent');
-    if (process.env.CLAUDE_CODE || process.env.ANTHROPIC_API_KEY) {
+    if (process.env.CLAUDE_CODE) {
       claudeProvider.available = true;
-      claudeProvider.source    = process.env.ANTHROPIC_API_KEY ? 'env' : 'credentials';
+      claudeProvider.source    = 'credentials';
     } else if (existsSync(claudeDir) || existsSync(replitClaudeDir)) {
       claudeProvider.available = true;
       claudeProvider.source    = existsSync(replitClaudeDir) ? 'replit-tools' : 'credentials';
@@ -1164,15 +1082,12 @@ export async function getCapabilityManifest(cwd = process.cwd()) {
     budget: { pressure5h: 0, pressure7d: 0 }, source: 'none' };
 
   try {
-    let hasSecret = false;
-    try { const { hasSecret: hs } = await import('./replit.mjs'); hasSecret = hs('OPENAI_API_KEY'); } catch { hasSecret = !!(process.env.OPENAI_API_KEY); }
-
     let codexAvailable = false;
     try { execSync('which codex', { stdio: 'pipe', timeout: 2000 }); codexAvailable = true; } catch { /* not in PATH */ }
 
-    openaiProvider.available      = hasSecret || codexAvailable;
-    openaiProvider.authenticated  = hasSecret;
-    openaiProvider.source         = hasSecret ? 'env' : codexAvailable ? 'codex-config' : 'none';
+    openaiProvider.available      = codexAvailable;
+    openaiProvider.authenticated  = codexAvailable;
+    openaiProvider.source         = codexAvailable ? 'codex-cli' : 'none';
   } catch { /* detection failed */ }
 
   openaiProvider.plan   = normalizePlan(orchProv.openai?.subscription ?? orchSubs.openai?.plan);
@@ -1387,7 +1302,7 @@ async function main() {
     `head model : ${getHeadModel(profile)}`,
     `providers  : ${providers.map(p => p.name).join(', ') || 'none'}`,
     `prefs      : ${profile.preferences?.filter(p => p.enabled).length || 0} active`,
-    `guardrail  : ${needsApiGuardrail(caps) ? 'enabled (metered API key detected)' : 'off'}`,
+    `guardrail  : off`,
     '',
     getOnboardingMessage(caps, profile.workStyle || profile.bias),
   ].forEach(l => process.stdout.write(l + '\n'));
@@ -1404,7 +1319,7 @@ export {
   loadProfile, saveProfile, ensureProfile, runOnboarding,
   rememberPreference, forgetPreference, getActivePreferences,
   getAvailableProviders, isSoloBrain, getHeadModel,
-  detectCapabilities, getOnboardingMessage, needsApiGuardrail,
+  detectCapabilities, getOnboardingMessage,
   syncPreferencesToMemory,
   detectAuth, detectEnvironment,
   autoSetup, autoRefreshToken,

package/src/replit.mjs

@@ -339,7 +339,7 @@ const SYSTEM_PREFIXES = [
 ];
 
 const KNOWN_SECRET_NAMES = [
-  'OPENAI_API_KEY', 'ANTHROPIC_API_KEY', 'DATABASE_URL', 'REPLIT_DB_URL',
+  'DATABASE_URL', 'REPLIT_DB_URL',
   'GITHUB_TOKEN', 'GITHUB_API_TOKEN', 'NPM_TOKEN', 'NPM_AUTH_TOKEN',
   'STRIPE_SECRET_KEY', 'STRIPE_API_KEY', 'AWS_ACCESS_KEY_ID',
   'AWS_SECRET_ACCESS_KEY', 'GOOGLE_API_KEY', 'GOOGLE_APPLICATION_CREDENTIALS',