npm - dual-brain - Versions diffs - 0.2.5 → 0.2.7 - Mend

dual-brain 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/bin/dual-brain.mjs CHANGED Viewed

@@ -946,9 +946,7 @@ async function cmdStatus(args = []) {
       const archive = replit.getSessionArchive(cwd);
       const archiveCount = Array.isArray(archive) ? archive.length : (archive?.count ?? 0);
       console.log(`  session archive: ${archiveCount} session${archiveCount !== 1 ? 's' : ''}`);
-      const openaiPresent  = replit.hasSecret('OPENAI_API_KEY');
-      const anthropicPresent = replit.hasSecret('ANTHROPIC_API_KEY');
-      console.log(`  secrets       : OPENAI_API_KEY=${openaiPresent ? 'set' : 'unset'}  ANTHROPIC_API_KEY=${anthropicPresent ? 'set' : 'unset'}`);
+      // Subscription-only: no API key secrets to check
     }
   } catch { /* replit.mjs not available or not in Replit — skip silently */ }
@@ -1042,43 +1040,58 @@ async function installGlobal() {
     return;
   }
-  // Load existing settings (merge, never clobber)
-  let existing = {};
-  if (existsSync(globalSettingsPath)) {
-    try { existing = JSON.parse(readFileSync(globalSettingsPath, 'utf8')); } catch {}
-  }
-  // Ensure hooks structure exists
-  if (!existing.hooks) existing.hooks = {};
-  if (!existing.hooks.PreToolUse) existing.hooks.PreToolUse = [];
-  if (!existing.hooks.PostToolUse) existing.hooks.PostToolUse = [];
-  // Define dual-brain hooks with ownership marker
-  const DB_MARKER = '# dual-brain-managed';
-  const preToolHooks = [
-    { matcher: 'Edit',        hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
-    { matcher: 'Write',       hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
-    { matcher: 'NotebookEdit',hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
-    { matcher: 'Bash',        hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
-    { matcher: 'Agent',       hooks: [{ type: 'command', command: `node ${join(hooksDir, 'enforce-tier.mjs')} ${DB_MARKER}` }] },
-  ];
-  const postToolHooks = [
-    { matcher: '', hooks: [{ type: 'command', command: `node ${join(hooksDir, 'cost-logger.mjs')} ${DB_MARKER}` }] },
-    { matcher: '', hooks: [{ type: 'command', command: `node ${join(hooksDir, 'auto-update-wrapper.mjs')} ${DB_MARKER}` }] },
-  ];
-  // Remove any existing dual-brain hooks (idempotent)
-  const isDBHook = (entry) => entry.hooks?.some(h => h.command?.includes(DB_MARKER));
-  existing.hooks.PreToolUse  = existing.hooks.PreToolUse.filter(e => !isDBHook(e));
-  existing.hooks.PostToolUse = existing.hooks.PostToolUse.filter(e => !isDBHook(e));
+  // Check if project-local hooks already exist (avoids double-firing)
+  const projectLocalSettings = join(pkgRoot, '.claude', 'settings.local.json');
+  const hasProjectLocalHooks = (() => {
+    if (!existsSync(projectLocalSettings)) return false;
+    try {
+      const content = readFileSync(projectLocalSettings, 'utf8');
+      return content.includes('dual-brain') || content.includes('head-guard');
+    } catch { return false; }
+  })();
+  if (hasProjectLocalHooks) {
+    console.log('  hooks already configured project-locally, skipping global hooks');
+    console.log('  (project .claude/settings.local.json already contains dual-brain hooks)');
+  } else {
+    // Load existing settings (merge, never clobber)
+    let existing = {};
+    if (existsSync(globalSettingsPath)) {
+      try { existing = JSON.parse(readFileSync(globalSettingsPath, 'utf8')); } catch {}
+    }
-  // Add dual-brain hooks
-  existing.hooks.PreToolUse.push(...preToolHooks);
-  existing.hooks.PostToolUse.push(...postToolHooks);
+    // Ensure hooks structure exists
+    if (!existing.hooks) existing.hooks = {};
+    if (!existing.hooks.PreToolUse) existing.hooks.PreToolUse = [];
+    if (!existing.hooks.PostToolUse) existing.hooks.PostToolUse = [];
-  // Write merged settings
-  mkdirSync(globalClaudeDir, { recursive: true });
-  writeFileSync(globalSettingsPath, JSON.stringify(existing, null, 2) + '\n');
+    // Define dual-brain hooks with ownership marker
+    const DB_MARKER = '# dual-brain-managed';
+    const preToolHooks = [
+      { matcher: 'Edit',        hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
+      { matcher: 'Write',       hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
+      { matcher: 'NotebookEdit',hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
+      { matcher: 'Bash',        hooks: [{ type: 'command', command: `node ${join(hooksDir, 'head-guard.mjs')} ${DB_MARKER}` }] },
+      { matcher: 'Agent',       hooks: [{ type: 'command', command: `node ${join(hooksDir, 'enforce-tier.mjs')} ${DB_MARKER}` }] },
+    ];
+    const postToolHooks = [
+      { matcher: '', hooks: [{ type: 'command', command: `node ${join(hooksDir, 'cost-logger.mjs')} ${DB_MARKER}` }] },
+      { matcher: '', hooks: [{ type: 'command', command: `node ${join(hooksDir, 'auto-update-wrapper.mjs')} ${DB_MARKER}` }] },
+    ];
+    // Remove any existing dual-brain hooks (idempotent)
+    const isDBHook = (entry) => entry.hooks?.some(h => h.command?.includes(DB_MARKER));
+    existing.hooks.PreToolUse  = existing.hooks.PreToolUse.filter(e => !isDBHook(e));
+    existing.hooks.PostToolUse = existing.hooks.PostToolUse.filter(e => !isDBHook(e));
+    // Add dual-brain hooks
+    existing.hooks.PreToolUse.push(...preToolHooks);
+    existing.hooks.PostToolUse.push(...postToolHooks);
+    // Write merged settings
+    mkdirSync(globalClaudeDir, { recursive: true });
+    writeFileSync(globalSettingsPath, JSON.stringify(existing, null, 2) + '\n');
+  }
   // Write minimal global CLAUDE.md (only if none exists, or append section)
   const globalClaudeMd = join(globalClaudeDir, 'CLAUDE.md');
@@ -1093,12 +1106,16 @@ async function installGlobal() {
     }
   }
-  console.log('  + dual-brain hooks installed globally');
-  console.log('    hooks dir: ' + hooksDir);
-  console.log('    settings:  ' + globalSettingsPath);
-  console.log('');
-  console.log('  All new Claude sessions will load dual-brain hooks.');
-  console.log('  Run "dual-brain uninstall --global" to remove.');
+  if (!hasProjectLocalHooks) {
+    console.log('  + dual-brain hooks installed globally');
+    console.log('    hooks dir: ' + hooksDir);
+    console.log('    settings:  ' + globalSettingsPath);
+    console.log('');
+    console.log('  All new Claude sessions will load dual-brain hooks.');
+    console.log('  Run "dual-brain uninstall --global" to remove.');
+  }
+  console.log('  + global CLAUDE.md updated');
+  console.log('    path: ' + globalClaudeDir);
 }
 async function uninstallGlobal() {
@@ -1981,13 +1998,9 @@ function buildProviderStatusLine(profile, auth, envReport = null) {
   const GREEN = '\x1b[32m●\x1b[0m';
   const RED   = '\x1b[31m●\x1b[0m';
-  // Use envReport secrets when available; fall back to auth detection
-  const claudeAvailable = envReport
-    ? envReport.secrets.ANTHROPIC_API_KEY || auth.claude.found
-    : auth.claude.found;
-  const openaiAvailable = envReport
-    ? envReport.secrets.OPENAI_API_KEY || auth.openai.found
-    : auth.openai.found;
+  // Subscription-only detection — no API key secrets
+  const claudeAvailable = auth.claude.found;
+  const openaiAvailable = auth.openai.found;
   const claudeDot = claudeAvailable ? GREEN : RED;
   const openaiDot = openaiAvailable ? GREEN : RED;
@@ -2169,6 +2182,15 @@ async function mainScreen(rl, ask) {
     dashSpinner = fx.spinner('Loading dashboard...').start();
   }
+  // ── One-time default shell prompt for returning users (never asked before) ─
+  if (profile.setupComplete && !profile.defaultShellAsked) {
+    if (dashSpinner) { dashSpinner.stop(); dashSpinner = null; }
+    const wantsDefault = await askDefaultShell(cwd, rl, fx);
+    profile.defaultShellAsked = true;
+    profile.isDefaultShell = wantsDefault;
+    saveProfile(profile, { cwd });
+  }
   const claudeSub = profile?.providers?.claude;
   const openaiSub = profile?.providers?.openai;
@@ -2308,13 +2330,9 @@ async function mainScreen(rl, ask) {
     envReport = scanEnvironment(cwd);
   } catch { /* non-fatal */ }
-  // ── Studio Console: resolve provider availability ────────────────────────
-  const claudeAvail = envReport
-    ? envReport.secrets?.ANTHROPIC_API_KEY || auth.claude.found
-    : auth.claude.found;
-  const openaiAvail = envReport
-    ? envReport.secrets?.OPENAI_API_KEY || auth.openai.found
-    : auth.openai.found;
+  // ── Studio Console: resolve provider availability (subscription-only) ───
+  const claudeAvail = auth.claude.found;
+  const openaiAvail = auth.openai.found;
   // ── Box 2 — Workspace: gather git data ───────────────────────────────────
   let gitBranch       = 'unknown';
@@ -3994,6 +4012,62 @@ function saveWizardCredentials(cwd, detectedProviders) {
  * @param {object} rl  readline interface
  * @returns {object|null}  profile object to save, or null if cancelled/skipped
  */
+function setAsDefaultShell(cwd) {
+  const root = cwd || process.cwd();
+  const replitPath = join(root, '.replit');
+  if (!existsSync(replitPath)) return;
+  let content = readFileSync(replitPath, 'utf8');
+  const newOnBoot = 'onBoot = "source /home/runner/workspace/.replit-tools/scripts/setup-claude-code.sh 2>/dev/null || true; ln -sf /home/runner/workspace/.replit-tools/.npm-persistent/.npmrc ~/.npmrc 2>/dev/null || true; dual-brain install --global 2>/dev/null || true"';
+  if (content.match(/^onBoot\s*=/m)) {
+    content = content.replace(/^onBoot\s*=.*$/m, newOnBoot);
+  } else {
+    content += '\n' + newOnBoot + '\n';
+  }
+  writeFileSync(replitPath, content);
+}
+function removeAsDefaultShell(cwd) {
+  const root = cwd || process.cwd();
+  const replitPath = join(root, '.replit');
+  if (!existsSync(replitPath)) return;
+  let content = readFileSync(replitPath, 'utf8');
+  const origOnBoot = 'onBoot = "source /home/runner/workspace/.replit-tools/scripts/setup-claude-code.sh 2>/dev/null || true"';
+  if (content.match(/^onBoot\s*=/m)) {
+    content = content.replace(/^onBoot\s*=.*$/m, origOnBoot);
+    writeFileSync(replitPath, content);
+  }
+}
+async function askDefaultShell(cwd, rl, fx) {
+  const cl = fx.colors || {};
+  const DIM = cl.dim || '';
+  const BOLD = cl.bold || '';
+  const GRAY = cl.gray || '';
+  const GREEN = cl.green || '';
+  const RST = cl.reset || '';
+  process.stdout.write('\n');
+  process.stdout.write(` ${BOLD}Shell startup${RST}\n\n`);
+  process.stdout.write(` ${DIM}dual-brain can start automatically when your shell opens.${RST}\n`);
+  process.stdout.write(` ${DIM}This modifies .replit onBoot. You can change it anytime in Settings.${RST}\n\n`);
+  process.stdout.write(` ${GRAY}[y]${RST} Yes, set as default  ${GRAY}[n]${RST} No, I'll run it manually\n\n`);
+  const answer = await new Promise(res => rl.question('  ', (a) => res(a.trim().toLowerCase())));
+  const yes = !answer || answer.startsWith('y');
+  if (yes) {
+    setAsDefaultShell(cwd);
+    process.stdout.write(` ${GREEN}+${RST} ${DIM}dual-brain will start on boot. Change anytime in Settings.${RST}\n`);
+  } else {
+    process.stdout.write(` ${DIM}No problem. Run dual-brain anytime from the command line.${RST}\n`);
+  }
+  return yes;
+}
 async function runOnboardingWizard(_detection, cwd, rl) {
   const fx  = await getFx();
   const cl  = fx.colors || {};
@@ -4108,12 +4182,10 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   let claudeAuthLabel = null;
   let claudeAuthType  = null;
   if (claudeReady) {
-    if (caps.claude.source === 'claude-code') {
+    if (caps.claude.source === 'claude-code' || caps.claude.source === 'claude-dir') {
       claudeAuthLabel = 'CLI OAuth'; claudeAuthType = 'cli_oauth';
-    } else if (caps.claude.source === 'env-key') {
-      claudeAuthLabel = 'API key'; claudeAuthType = 'api_key';
     } else {
-      claudeAuthLabel = caps.claude.source || 'detected'; claudeAuthType = 'unknown';
+      claudeAuthLabel = caps.claude.source || 'detected'; claudeAuthType = 'cli_oauth';
     }
     fx.success(`Claude CLI found · ${claudeAuthLabel}`);
   }
@@ -4121,10 +4193,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   // OpenAI / Codex
   let openaiAuthLabel = null;
   let openaiAuthType  = null;
-  if (openaiReady) {
-    openaiAuthLabel = 'API key'; openaiAuthType = 'api_key';
-    fx.success('OpenAI detected · API key');
-  } else if (codexAvailable) {
+  if (openaiReady || codexAvailable) {
     openaiAuthLabel = 'CLI OAuth'; openaiAuthType = 'cli_oauth';
     fx.success('OpenAI Codex CLI found · authenticated');
   }
@@ -4167,7 +4236,6 @@ async function runOnboardingWizard(_detection, cwd, rl) {
     } else if (noProvChoice === 'o') {
       process.stdout.write('\n');
       dimLine('Run: codex login');
-      dimLine('Or add OPENAI_API_KEY to Replit Secrets if using API key auth.');
       dimLine('Then re-run: dual-brain init');
       process.stdout.write('\n');
     }
@@ -4187,9 +4255,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   if (claudeReady) {
     process.stdout.write(`   ${GRAY}Claude${RST}  ${claudeAuthLabel}    ${GREEN}✓ authenticated${RST}\n`);
   }
-  if (openaiReady) {
-    process.stdout.write(`   ${GRAY}OpenAI${RST}  API key    ${GREEN}✓ OPENAI_API_KEY${RST}\n`);
-  } else if (codexAvailable) {
+  if (openaiReady || codexAvailable) {
     process.stdout.write(`   ${GRAY}OpenAI${RST}  CLI OAuth  ${GREEN}✓ authenticated${RST}\n`);
   }
@@ -4214,8 +4280,8 @@ async function runOnboardingWizard(_detection, cwd, rl) {
     process.stdout.write('\n');
   } else if (provChoice === 'a') {
     process.stdout.write('\n');
-    if (!claudeReady) dimLine('Claude: run `claude auth login` to authenticate');
-    if (!openaiReady && !codexAvailable) dimLine('OpenAI: set OPENAI_API_KEY or run `codex login`');
+    if (!claudeReady) dimLine('Claude: run `claude login` to authenticate');
+    if (!openaiReady && !codexAvailable) dimLine('OpenAI: run `codex login` to authenticate');
     process.stdout.write('\n');
     process.stdout.write(` ${GRAY}[Enter]${RST} continue with current providers\n\n`);
     await singleKey(['\r', 'q']);
@@ -4238,10 +4304,10 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   }
   if (finalOpenaiEnabled) {
     credEntries.push({
-      id: openaiReady ? 'openai-apikey' : 'openai-codex',
+      id: 'openai-codex',
       provider: 'openai',
-      auth_type: openaiAuthType || 'api_key',
-      source: openaiReady ? 'env_var' : 'cli_oauth',
+      auth_type: 'cli_oauth',
+      source: 'cli_oauth',
       owner: 'user',
       scope: 'local',
       plan_hint: null,
@@ -4263,12 +4329,6 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   const styleMap = { '1': 'auto', '2': 'quality-first', '3': 'cost-saver', '\r': 'auto' };
   const chosenBias = styleMap[styleKey] || 'auto';
-  // Metered API note (non-blocking)
-  if (openaiReady && caps.openai.metered) {
-    process.stdout.write('\n');
-    dimLine('OpenAI API key detected — usage is metered, guardrails enabled');
-  }
   process.stdout.write('\n');
   // Init living docs (non-fatal)
@@ -4294,7 +4354,7 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   finalProfile.providers.claude = { enabled: finalClaudeEnabled };
   finalProfile.providers.openai = { enabled: finalOpenaiEnabled };
-  finalProfile.apiGuardrail     = caps.openai.metered;
+  finalProfile.apiGuardrail     = false;
   finalProfile.setupComplete    = true;
   const enabledCount = [finalClaudeEnabled, finalOpenaiEnabled].filter(Boolean).length;
@@ -4302,6 +4362,23 @@ async function runOnboardingWizard(_detection, cwd, rl) {
   finalProfile.bias      = chosenBias;
   finalProfile.workStyle = chosenBias;
+  // Ask about default shell (only on first wizard run)
+  if (!finalProfile.defaultShellAsked) {
+    const wantsDefault = await askDefaultShell(cwd, rl, fx);
+    finalProfile.defaultShellAsked = true;
+    finalProfile.isDefaultShell = wantsDefault;
+    saveProfile(finalProfile, { cwd });
+    // Also run global install if they said yes
+    if (wantsDefault) {
+      try {
+        execSync('node ' + join(dirname(fileURLToPath(import.meta.url)), 'dual-brain.mjs') + ' install --global', {
+          cwd, stdio: 'pipe', timeout: 10000,
+        });
+      } catch {}
+    }
+  }
   return finalProfile;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dual-brain",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "AI orchestration across Claude + OpenAI subscriptions — smart routing, budget awareness, and dual-brain collaboration",
   "type": "module",
   "bin": {

package/src/awareness.mjs CHANGED Viewed

@@ -49,8 +49,6 @@ function detectContainerType() {
 function scanSecrets() {
   const keys = [
-    'OPENAI_API_KEY',
-    'ANTHROPIC_API_KEY',
     'NPM_TOKEN',
     'DATABASE_URL',
     'GITHUB_TOKEN',
@@ -282,8 +280,6 @@ export function formatEnvironment(report) {
   if (toolEntries.length) lines.push(`Tools: ${toolEntries.join('  ')}`);
   const secretMap = {
-    OPENAI_API_KEY: 'OpenAI',
-    ANTHROPIC_API_KEY: 'Anthropic',
     NPM_TOKEN: 'npm',
     GITHUB_TOKEN: 'GitHub',
     DATABASE_URL: 'PostgreSQL',
@@ -335,8 +331,6 @@ export function getCapabilitySummary(report) {
   if (report.tools.gh?.available) caps.push('github-cli');
   if (report.tools.rg?.available) caps.push('ripgrep');
-  if (report.secrets.OPENAI_API_KEY) caps.push('openai-key');
-  if (report.secrets.ANTHROPIC_API_KEY) caps.push('anthropic-key');
   if (report.replitTools.installed) {
     for (const c of report.replitTools.capabilities) {
@@ -394,3 +388,38 @@ export function detectAmbiguity(prompt, context = {}) {
   return { isAmbiguous: false, reason: null };
 }
+/**
+ * Detect whether a user prompt is too vague to act on confidently.
+ *
+ * Checks for:
+ *   - Very short prompts (under 10 chars)
+ *   - No file paths, function names, or specific identifiers
+ *   - Pronoun-only references without antecedents ("fix that thing", "change it")
+ *
+ * @param {string} prompt — the user's raw prompt
+ * @returns {{ ambiguous: boolean, reason: string|null, confidence: number }}
+ */
+export function isAmbiguous(prompt) {
+  if (!prompt || typeof prompt !== 'string') return { ambiguous: true, reason: 'empty-prompt', confidence: 1.0 };
+  const trimmed = prompt.trim();
+  if (trimmed.length < 10) return { ambiguous: true, reason: 'too-short', confidence: 0.9 };
+  // Check for file paths, function names, specific identifiers
+  const hasSpecifics = /[a-zA-Z_]\w*\.(mjs|js|ts|tsx|jsx|py|go|rs|java|rb|css|html|json|yaml|yml|md|sh)/.test(trimmed)
+    || /[a-zA-Z_]\w*\(\)/.test(trimmed)  // function calls
+    || /`[^`]+`/.test(trimmed)            // backtick-quoted identifiers
+    || /"[^"]{3,}"/.test(trimmed)         // quoted strings
+    || /\b(line|function|class|method|variable|module|component|endpoint|route|table|column)\s+\w+/i.test(trimmed);
+  // Vague pronoun patterns
+  const vaguePatterns = /^(fix|change|update|do|make|help|look at|check)\s+(this|that|it|the thing|stuff|things?)$/i;
+  if (vaguePatterns.test(trimmed)) return { ambiguous: true, reason: 'vague-reference', confidence: 0.85 };
+  if (!hasSpecifics && trimmed.split(/\s+/).length < 5) {
+    return { ambiguous: true, reason: 'lacks-specifics', confidence: 0.7 };
+  }
+  return { ambiguous: false, reason: null, confidence: 0.1 };
+}

package/src/dispatch.mjs CHANGED Viewed

@@ -345,7 +345,6 @@ async function detectRuntime() {
     claudeAvailable && codexAvailable ? 'claude-code'
     : claudeAvailable                 ? 'claude-code'
     : codexAvailable                  ? 'codex-cli'
-    : process.env.CLAUDE_API_KEY || process.env.ANTHROPIC_API_KEY ? 'standalone'
     : 'none';
   _runtimeCache = { claudeAvailable, codexAvailable, runtime };

package/src/doctor.mjs CHANGED Viewed

@@ -564,13 +564,13 @@ const VERIFIERS = {
     try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found', probe: 'which claude' }; }
     catch { return { status: 'failed', evidence: 'claude CLI not found', probe: 'which claude' }; }
   }},
-  'openai-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!process.env.OPENAI_API_KEY;
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'OPENAI_API_KEY present' : 'OPENAI_API_KEY missing', probe: 'env check' };
+  'openai-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which codex', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'codex CLI found (subscription auth)', probe: 'which codex' }; }
+    catch { return { status: 'failed', evidence: 'codex CLI not found — run: codex login', probe: 'which codex' }; }
   }},
-  'anthropic-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!(process.env.ANTHROPIC_API_KEY || process.env.CLAUDE_API_KEY);
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'API key present' : 'API key missing', probe: 'env check' };
+  'anthropic-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found (subscription auth)', probe: 'which claude' }; }
+    catch { return { status: 'failed', evidence: 'claude CLI not found — run: claude login', probe: 'which claude' }; }
   }},
   'git-available': { ttl: TTL_TOOL, fn: () => {
     try { const v = execSync('git --version', { stdio: 'pipe', timeout: 2000 }).toString().trim(); return { status: 'verified', evidence: v, probe: 'git --version' }; }

package/src/health.mjs CHANGED Viewed

@@ -94,6 +94,8 @@ export async function getAuthHealthStatus(cwd) {
   return { ok: false, detail: 'Auth: no credentials found (direct check)', source: 'unknown' };
 }
+const HEALTH_CHECK_TIMEOUT_MS = 5000;
 const HEALTH_FILE = '.dualbrain/health.json';
 // Cooldown ladder in minutes: index = attempts - 1, capped at last entry
@@ -327,7 +329,7 @@ export function resetHealth(cwd) {
  * @returns {Promise<{ ok: boolean, status: 'ok'|'timeout'|'error', detail?: string }>}
  */
 export async function pingProvider(url, opts = {}) {
-  const timeoutMs = opts.timeoutMs ?? 5000;
+  const timeoutMs = opts.timeoutMs ?? HEALTH_CHECK_TIMEOUT_MS;
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   try {

package/src/pipeline.mjs CHANGED Viewed

@@ -876,8 +876,8 @@ export async function runPipeline(trigger, prompt, options = {}) {
     try {
       const { suggestModel, getRegistryAge } = await import('./models.mjs');
       const availableProviders = [];
-      if (run.environment?.secrets?.ANTHROPIC_API_KEY || run.environment?.claudeCode?.isInsideClaude) availableProviders.push('anthropic');
-      if (run.environment?.secrets?.OPENAI_API_KEY) availableProviders.push('openai');
+      if (run.environment?.claudeCode?.isInsideClaude || run.environment?.tools?.claude?.available) availableProviders.push('anthropic');
+      if (run.environment?.tools?.codex?.available) availableProviders.push('openai');
       const intent = run.promptAnalysis?.intent?.type || 'execute';
       const risk = run.plan?.risk || 'medium';

package/src/profile.mjs CHANGED Viewed

@@ -15,7 +15,7 @@
  *   getHeadModel(profile)          → suggested head model string
  *   detectCapabilities(cwd)        → what we can actually verify
  *   getOnboardingMessage(caps, ws) → honest 2-3 line status message
- *   needsApiGuardrail(caps)        → true if metered API key detected
+ *   detectCapabilities(cwd)        → available providers (subscription-based only)
  *
  * CLI:
  *   node src/profile.mjs                  # show current profile
@@ -136,7 +136,7 @@ function detectEnvironment() {
  * @param {string} [cwd]
  * @returns {Promise<{
  *   claude:       { available: boolean, source: string|null },
- *   openai:       { available: boolean, source: string|null, metered: boolean },
+ *   openai:       { available: boolean, source: string|null },
  *   codex:        { available: boolean, source: string|null },
  *   replitTools:  { available: boolean, checkpoints: boolean },
  * }>}
@@ -144,18 +144,15 @@ function detectEnvironment() {
 async function detectCapabilities(cwd) {
   const root = cwd || process.cwd();
-  // --- Claude: running inside Claude Code or has ANTHROPIC_API_KEY or ~/.claude dir ---
+  // --- Claude: running inside Claude Code session or CLI installed ---
   let claudeAvailable = false;
   let claudeSource = null;
   if (process.env.CLAUDE_CODE) {
     claudeAvailable = true;
     claudeSource = 'claude-code';
-  } else if (process.env.ANTHROPIC_API_KEY?.length > 0) {
-    claudeAvailable = true;
-    claudeSource = 'api-key';
   } else {
-    // Check for ~/.claude directory (Claude Code installation)
+    // Check for ~/.claude directory (Claude Code installation) or Replit Claude
     const claudeDir = join(homedir(), '.claude');
     const replitClaudeDir = join(root, '.replit-tools', '.claude-persistent');
     if (existsSync(claudeDir) || existsSync(replitClaudeDir)) {
@@ -164,9 +161,6 @@ async function detectCapabilities(cwd) {
     }
   }
-  // --- OpenAI: check for OPENAI_API_KEY presence (metered billing) ---
-  const openaiAvailable = !!process.env.OPENAI_API_KEY?.length;
   // --- Codex: check if 'codex' is in PATH ---
   let codexAvailable = false;
   let codexSource = null;
@@ -200,9 +194,8 @@ async function detectCapabilities(cwd) {
       source: claudeSource,
     },
     openai: {
-      available: openaiAvailable || codexAvailable,
-      source: openaiAvailable ? 'api-key' : codexAvailable ? 'codex-cli' : null,
-      metered: openaiAvailable && !codexAvailable,
+      available: codexAvailable,
+      source: codexAvailable ? 'codex-cli' : null,
     },
     codex: {
       available: codexAvailable,
@@ -215,18 +208,6 @@ async function detectCapabilities(cwd) {
   };
 }
-/**
- * Return true if any metered API key is detected.
- * When true, the system defaults to conservative API usage and should
- * confirm before expensive operations.
- *
- * @param {ReturnType<typeof detectCapabilities> extends Promise<infer T> ? T : never} capabilities
- * @returns {boolean}
- */
-function needsApiGuardrail(capabilities) {
-  return !!(capabilities?.openai?.metered);
-}
 /**
  * Generate an honest 2-3 line onboarding/status message based on
  * what we can actually verify.
@@ -237,9 +218,8 @@ function needsApiGuardrail(capabilities) {
  */
 function getOnboardingMessage(capabilities, workStyle = 'balanced') {
   const found = [];
-  if (capabilities?.claude?.available)  found.push('Claude Code');
-  if (capabilities?.openai?.available)  found.push('OpenAI API');
-  if (capabilities?.codex?.available && !capabilities?.openai?.available) found.push('Codex CLI');
+  if (capabilities?.claude?.available)  found.push('Claude · subscription');
+  if (capabilities?.codex?.available)   found.push('OpenAI · Codex subscription');
   const styleLabels = {
     'balanced':      'Balanced — smart routing, reviews on important changes',
@@ -258,16 +238,11 @@ function getOnboardingMessage(capabilities, workStyle = 'balanced') {
   lines.push(`Found: ${found.join(', ')}`);
   lines.push(`  Mode: ${modeLabel}`);
-  // Tip: suggest OpenAI if only Claude is available
-  if (capabilities?.claude?.available && !capabilities?.openai?.available && !capabilities?.codex?.available) {
+  // Tip: suggest Codex if only Claude is available
+  if (capabilities?.claude?.available && !capabilities?.codex?.available) {
     lines.push('  Tip: Run codex login for dual-brain collaboration');
   }
-  // Warn about metered billing
-  if (capabilities?.openai?.metered) {
-    lines.push('  Note: OpenAI API key detected — usage is metered, guardrails enabled');
-  }
   return lines.join('\n');
 }
@@ -393,9 +368,8 @@ async function runOnboarding(opts = {}) {
     // Show what we found honestly
     const foundProviders = [];
-    if (capabilities.claude.available)  foundProviders.push('Claude Code');
-    if (capabilities.openai.available)  foundProviders.push('OpenAI API (metered)');
-    if (capabilities.codex.available && !capabilities.openai.available) foundProviders.push('Codex CLI');
+    if (capabilities.claude.available)  foundProviders.push('Claude · subscription');
+    if (capabilities.codex.available)   foundProviders.push('OpenAI · Codex subscription');
     if (foundProviders.length > 0) {
       process.stdout.write(`Detected: ${foundProviders.join(', ')}\n\n`);
@@ -405,15 +379,14 @@ async function runOnboarding(opts = {}) {
     // Enable providers based on what's available
     profile.providers.claude.enabled = capabilities.claude.available;
-    profile.providers.openai.enabled = capabilities.openai.available || capabilities.codex.available;
-    profile.apiGuardrail = needsApiGuardrail(capabilities);
+    profile.providers.openai.enabled = capabilities.codex.available;
     // If detection missed something, ask
-    if (!capabilities.claude.available && !capabilities.openai.available && !capabilities.codex.available) {
-      const q1 = (await ask('Which AI providers do you have access to?\n  (1) Claude Code only  (2) OpenAI API only  (3) Both  (4) Neither\n> ')).trim();
+    if (!capabilities.claude.available && !capabilities.codex.available) {
+      const q1 = (await ask('Which AI providers do you have access to?\n  (1) Claude only  (2) OpenAI Codex only  (3) Both  (4) Neither\n> ')).trim();
       if (q1 === '1') { profile.providers.claude.enabled = true; }
-      else if (q1 === '2') { profile.providers.claude.enabled = false; profile.providers.openai.enabled = true; profile.apiGuardrail = true; }
-      else if (q1 === '3') { profile.providers.claude.enabled = true; profile.providers.openai.enabled = true; profile.apiGuardrail = true; }
+      else if (q1 === '2') { profile.providers.claude.enabled = false; profile.providers.openai.enabled = true; }
+      else if (q1 === '3') { profile.providers.claude.enabled = true; profile.providers.openai.enabled = true; }
     }
     const q3 = (await ask('\nDefault work style?\n  (1) Save usage  (2) Balanced  (3) Best quality\n> ')).trim();
@@ -546,19 +519,16 @@ async function autoSetup(cwd) {
     result.actions.push(`Claude: available (${capabilities.claude.source})`);
   } else {
     profile.providers.claude.enabled = false;
-    result.warnings.push('Claude not detected — install Claude Code or set ANTHROPIC_API_KEY');
+    result.warnings.push('Claude not detected — run: claude login');
   }
   // OpenAI / Codex
-  if (capabilities.openai.available) {
+  if (capabilities.codex.available) {
     profile.providers.openai.enabled = true;
-    result.actions.push('OpenAI: API key detected (metered billing — guardrails enabled)');
-  } else if (capabilities.codex.available) {
-    profile.providers.openai.enabled = true;
-    result.actions.push('Codex CLI: available');
+    result.actions.push('Codex CLI: available (subscription)');
   } else {
     profile.providers.openai.enabled = false;
-    result.warnings.push('OpenAI not detected — add OPENAI_API_KEY or install Codex CLI');
+    result.warnings.push('OpenAI not detected — run: codex login');
   }
   // Mode
@@ -568,7 +538,6 @@ async function autoSetup(cwd) {
     : 'solo-openai';
   profile.bias = 'balanced';
   profile.workStyle = 'balanced';
-  profile.apiGuardrail = needsApiGuardrail(capabilities);
   profile.capabilities = capabilities;
   profile.detectedAt = new Date().toISOString();
@@ -909,17 +878,6 @@ export async function checkCredentialHealth(cred, cwd = process.cwd()) {
       } catch {
         health = 'healthy'; // cli works, auth check unavailable
       }
-    } else if (cred.auth_type === 'api_key') {
-      if (cred.source === 'replit_secret') {
-        try {
-          const { hasSecret } = await import('./replit.mjs');
-          health = hasSecret(cred.env_var || cred.id.toUpperCase().replace(/-/g, '_')) ? 'healthy' : 'unhealthy';
-        } catch { health = 'unknown'; }
-      } else {
-        // env source
-        const varName = cred.env_var || cred.id.toUpperCase().replace(/-/g, '_');
-        health = (process.env[varName] && process.env[varName].length > 0) ? 'healthy' : 'unhealthy';
-      }
     }
   } catch { health = 'unknown'; }
   return { ...cred, health, last_checked_at: new Date().toISOString() };
@@ -949,64 +907,24 @@ export async function detectCredentials(cwd = process.cwd()) {
     });
   }
-  // ANTHROPIC_API_KEY
-  if (process.env.ANTHROPIC_API_KEY) {
-    found.push({
-      id: 'anthropic-api-key',
-      provider: 'claude',
-      auth_type: 'api_key',
-      source: 'env',
-      env_var: 'ANTHROPIC_API_KEY',
-      owner: 'user',
-      scope: 'local',
-      plan_hint: null,
-      enabled: true,
-      health: 'healthy',
-      last_checked_at: new Date().toISOString(),
-    });
-  }
-  // OPENAI_API_KEY (env)
-  if (process.env.OPENAI_API_KEY) {
+  // Codex CLI (subscription-based OpenAI access)
+  try {
+    execSync('which codex', { stdio: 'pipe', timeout: 2000 });
+    let codexHealth = 'unknown';
+    try { execSync('codex --version', { stdio: 'pipe', timeout: 3000 }); codexHealth = 'healthy'; } catch { codexHealth = 'degraded'; }
     found.push({
-      id: 'openai-api-key',
+      id: 'openai-codex-cli',
       provider: 'openai',
-      auth_type: 'api_key',
-      source: 'env',
-      env_var: 'OPENAI_API_KEY',
+      auth_type: 'cli_oauth',
+      source: 'local_cli',
       owner: 'user',
       scope: 'local',
       plan_hint: null,
       enabled: true,
-      health: 'healthy',
+      health: codexHealth,
       last_checked_at: new Date().toISOString(),
     });
-  }
-  // Replit secrets
-  try {
-    const { hasSecret } = await import('./replit.mjs');
-    const secretsToCheck = ['OPENAI_API_KEY', 'ANTHROPIC_API_KEY'];
-    for (const name of secretsToCheck) {
-      if (!process.env[name] && hasSecret(name)) {
-        const provider = name.startsWith('OPENAI') ? 'openai' : 'claude';
-        const id = name.toLowerCase().replace(/_/g, '-') + '-replit';
-        found.push({
-          id,
-          provider,
-          auth_type: 'api_key',
-          source: 'replit_secret',
-          env_var: name,
-          owner: 'user',
-          scope: 'workspace',
-          plan_hint: null,
-          enabled: true,
-          health: 'healthy',
-          last_checked_at: new Date().toISOString(),
-        });
-      }
-    }
-  } catch { /* replit.mjs unavailable */ }
+  } catch { /* codex not in PATH */ }
   return found;
 }
@@ -1120,12 +1038,12 @@ export async function getCapabilityManifest(cwd = process.cwd()) {
     budget: { pressure5h: 0, pressure7d: 0 }, source: 'none' };
   try {
-    // available: claude CLI or CLAUDE_CODE env or replit-tools claude dir
+    // available: CLAUDE_CODE env, claude CLI, or replit-tools claude dir
     const claudeDir       = join(homedir(), '.claude');
     const replitClaudeDir = join(cwd, '.replit-tools', '.claude-persistent');
-    if (process.env.CLAUDE_CODE || process.env.ANTHROPIC_API_KEY) {
+    if (process.env.CLAUDE_CODE) {
       claudeProvider.available = true;
-      claudeProvider.source    = process.env.ANTHROPIC_API_KEY ? 'env' : 'credentials';
+      claudeProvider.source    = 'credentials';
     } else if (existsSync(claudeDir) || existsSync(replitClaudeDir)) {
       claudeProvider.available = true;
       claudeProvider.source    = existsSync(replitClaudeDir) ? 'replit-tools' : 'credentials';
@@ -1164,15 +1082,12 @@ export async function getCapabilityManifest(cwd = process.cwd()) {
     budget: { pressure5h: 0, pressure7d: 0 }, source: 'none' };
   try {
-    let hasSecret = false;
-    try { const { hasSecret: hs } = await import('./replit.mjs'); hasSecret = hs('OPENAI_API_KEY'); } catch { hasSecret = !!(process.env.OPENAI_API_KEY); }
     let codexAvailable = false;
     try { execSync('which codex', { stdio: 'pipe', timeout: 2000 }); codexAvailable = true; } catch { /* not in PATH */ }
-    openaiProvider.available      = hasSecret || codexAvailable;
-    openaiProvider.authenticated  = hasSecret;
-    openaiProvider.source         = hasSecret ? 'env' : codexAvailable ? 'codex-config' : 'none';
+    openaiProvider.available      = codexAvailable;
+    openaiProvider.authenticated  = codexAvailable;
+    openaiProvider.source         = codexAvailable ? 'codex-cli' : 'none';
   } catch { /* detection failed */ }
   openaiProvider.plan   = normalizePlan(orchProv.openai?.subscription ?? orchSubs.openai?.plan);
@@ -1387,7 +1302,7 @@ async function main() {
     `head model : ${getHeadModel(profile)}`,
     `providers  : ${providers.map(p => p.name).join(', ') || 'none'}`,
     `prefs      : ${profile.preferences?.filter(p => p.enabled).length || 0} active`,
-    `guardrail  : ${needsApiGuardrail(caps) ? 'enabled (metered API key detected)' : 'off'}`,
+    `guardrail  : off`,
     '',
     getOnboardingMessage(caps, profile.workStyle || profile.bias),
   ].forEach(l => process.stdout.write(l + '\n'));
@@ -1404,7 +1319,7 @@ export {
   loadProfile, saveProfile, ensureProfile, runOnboarding,
   rememberPreference, forgetPreference, getActivePreferences,
   getAvailableProviders, isSoloBrain, getHeadModel,
-  detectCapabilities, getOnboardingMessage, needsApiGuardrail,
+  detectCapabilities, getOnboardingMessage,
   syncPreferencesToMemory,
   detectAuth, detectEnvironment,
   autoSetup, autoRefreshToken,

package/src/replit.mjs CHANGED Viewed

@@ -339,7 +339,7 @@ const SYSTEM_PREFIXES = [
 ];
 const KNOWN_SECRET_NAMES = [
-  'OPENAI_API_KEY', 'ANTHROPIC_API_KEY', 'DATABASE_URL', 'REPLIT_DB_URL',
+  'DATABASE_URL', 'REPLIT_DB_URL',
   'GITHUB_TOKEN', 'GITHUB_API_TOKEN', 'NPM_TOKEN', 'NPM_AUTH_TOKEN',
   'STRIPE_SECRET_KEY', 'STRIPE_API_KEY', 'AWS_ACCESS_KEY_ID',
   'AWS_SECRET_ACCESS_KEY', 'GOOGLE_API_KEY', 'GOOGLE_APPLICATION_CREDENTIALS',