jeo-code 0.1.0

package/src/commands/auth.ts

@@ -0,0 +1,144 @@
+import { createInterface } from "node:readline/promises";
+import { readGlobalConfig } from "../agent/state";
+import {
+  OAUTH_FLOWS,
+  OAUTH_FLOW_REGISTRY,
+  openInBrowser,
+  interactiveLogin,
+  loginOAuth,
+  logoutOAuth,
+  refreshOAuthToken,
+  snapshotProvider,
+  type AuthProvider,
+  type OAuthController,
+} from "../auth";
+
+export async function runAuthCommand(args: string[]): Promise<void> {
+  const sub = args[0];
+  if (!sub || sub === "status") return runAuthStatus();
+  if (sub === "login") return runAuthLogin(args.slice(1));
+  if (sub === "logout") return runAuthLogout(args[1] as AuthProvider | undefined);
+  if (sub === "refresh") return runAuthRefresh(args[1] as AuthProvider | undefined);
+  console.log(`Unknown auth subcommand: ${sub}\nUsage: joc auth [login|logout|refresh|status] [provider] [--token <bearer>]`);
+  process.exitCode = 1;
+}
+
+function fmtExpiry(expires?: number): string {
+  if (!expires) return "";
+  const ms = expires - Date.now();
+  if (ms <= 0) return " (expired — will auto-refresh)";
+  const mins = Math.round(ms / 60000);
+  if (mins < 60) return ` (expires in ${mins}m)`;
+  return ` (expires in ${Math.round(mins / 60)}h)`;
+}
+
+async function runAuthStatus(): Promise<void> {
+  const cfg = await readGlobalConfig();
+  console.log("\n=== joc auth status ===");
+  console.log("Provider     API key   OAuth");
+  for (const p of ["anthropic", "openai", "gemini"] as AuthProvider[]) {
+    const snap = await snapshotProvider(p);
+    const key = snap.apiKey ? "set" : "—";
+    let oauth = "—";
+    if (snap.oauth) {
+      oauth = snap.oauthHasRefresh ? "set (refreshable)" : "set (manual)";
+      oauth += fmtExpiry(snap.oauthExpires);
+      if (snap.oauthEmail) oauth += ` <${snap.oauthEmail}>`;
+    }
+    console.log(`  ${p.padEnd(11)} ${key.padEnd(9)} ${oauth}`);
+  }
+  console.log(`\nDefault model: ${cfg.defaultModel}`);
+  console.log(`Ollama base:   ${cfg.ollamaBaseUrl ?? "—"}`);
+  console.log(`OpenAI base:   ${cfg.openaiBaseUrl ?? "(api.openai.com/v1)"}`);
+}
+
+async function runAuthLogin(rest: string[]): Promise<void> {
+  const tokenIdx = rest.indexOf("--token");
+  const manualToken = tokenIdx >= 0 ? rest[tokenIdx + 1] : undefined;
+  const provider = rest.find((a, i) => a !== "--token" && rest[i - 1] !== "--token") as AuthProvider | undefined;
+
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  const chosen = provider ?? (await selectProvider(rl));
+  if (!chosen) {
+    rl.close();
+    return;
+  }
+
+  // Non-interactive paste path (`--token`): store as a manual bearer.
+  if (manualToken) {
+    rl.close();
+    await loginOAuth(chosen, manualToken.trim());
+    console.log(`[SUCCESS] Stored manual OAuth bearer for ${chosen} (no auto-refresh).`);
+    return;
+  }
+
+  const flow = OAUTH_FLOW_REGISTRY[chosen];
+  console.log(`\n=== joc auth login — ${flow.label} ===`);
+  if (!flow.verifiedEndToEnd && flow.note) console.log(`Note: ${flow.note}`);
+  for (const line of OAUTH_FLOWS[chosen].instructions) console.log("  " + line);
+  console.log("");
+
+  const ctrl: OAuthController = {
+    onAuth: ({ url, instructions }) => {
+      console.log(`Opening browser:\n  ${url}\n`);
+      if (instructions) console.log(instructions + "\n");
+      void openInBrowser(url);
+    },
+    onProgress: msg => console.log(`  … ${msg}`),
+    onManualCodeInput: async () =>
+      (await rl.question("Paste redirect URL or code (or wait for the browser callback): ")).trim(),
+  };
+
+  try {
+    const { email } = await interactiveLogin(chosen, ctrl);
+    console.log(`\n[SUCCESS] OAuth login complete for ${chosen}${email ? ` (${email})` : ""}.`);
+    console.log("Stored access + refresh tokens in ~/.joc/config.json; joc will auto-refresh on expiry.");
+  } catch (err) {
+    console.log(`\n[FAILED] ${(err as Error).message}`);
+    console.log("Tip: paste the redirect URL when prompted, or use 'joc auth login <provider> --token <bearer>'.");
+    process.exitCode = 1;
+  } finally {
+    rl.close();
+  }
+}
+
+async function runAuthLogout(provider?: AuthProvider): Promise<void> {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  const chosen = provider ?? (await selectProvider(rl, "logout"));
+  rl.close();
+  if (!chosen) return;
+  const removed = await logoutOAuth(chosen);
+  console.log(removed ? `[SUCCESS] Removed OAuth token for ${chosen}.` : `No OAuth token stored for ${chosen}.`);
+}
+
+async function runAuthRefresh(provider?: AuthProvider): Promise<void> {
+  if (!provider) {
+    console.log("Usage: joc auth refresh <provider>");
+    process.exitCode = 1;
+    return;
+  }
+  const result = await refreshOAuthToken(provider);
+  console.log(
+    result.refreshed
+      ? `[SUCCESS] Refreshed ${provider} OAuth token.`
+      : `[SKIP] ${provider}: ${result.reason}.`
+  );
+}
+
+async function selectProvider(
+  rl: ReturnType<typeof createInterface>,
+  action = "login"
+): Promise<AuthProvider | null> {
+  console.log(`\nWhich provider do you want to ${action}?`);
+  console.log("  1) anthropic   (real PKCE OAuth, verified end-to-end)");
+  console.log("  2) openai      (real PKCE OAuth, Codex backend)");
+  console.log("  3) gemini      (real Google OAuth, Cloud Code Assist)");
+  const ans = (await rl.question("Choose [1-3]: ")).trim();
+  const map: Record<string, AuthProvider> = { "1": "anthropic", "2": "openai", "3": "gemini" };
+  const p = map[ans];
+  if (!p) {
+    console.log("Invalid choice.");
+    return null;
+  }
+  return p;
+}

package/src/commands/chat.ts

@@ -0,0 +1,37 @@
+import { createModelManager } from "../ai/model-manager";
+
+/**
+ * `joc chat "<message>"` — a quick, single-shot streaming chat (no tools).
+ * Renders the reply token-by-token via the provider streaming path
+ * (`ModelManager.stream`), complementary to the tool-loop `joc launch`.
+ */
+export async function runChatCommand(args: string[] = []): Promise<void> {
+  let message = args.join(" ").trim();
+  if (!message && !process.stdin.isTTY) message = (await Bun.stdin.text()).trim();
+  if (!message) {
+    console.log('Usage: joc chat "<message>"   (streams the reply token-by-token)');
+    process.exitCode = 1;
+    return;
+  }
+
+  const manager = createModelManager();
+  process.stdout.write("joc> ");
+  let any = false;
+  let usage: { inputTokens?: number; outputTokens?: number; durationMs?: number } | undefined;
+  try {
+    for await (const chunk of manager.stream([{ role: "user", content: message }], { onUsage: u => { usage = u; } })) {
+      process.stdout.write(chunk);
+      any = true;
+    }
+  } catch (err) {
+    process.stdout.write("\n");
+    console.log(`! ${(err as Error).message}`);
+    process.exitCode = 1;
+    return;
+  }
+  process.stdout.write(any ? "\n" : "(no output)\n");
+  if (usage && (usage.inputTokens != null || usage.outputTokens != null)) {
+    const tps = usage.outputTokens && usage.durationMs ? ` · ${Math.round((usage.outputTokens / usage.durationMs) * 1000)} tok/s` : "";
+    console.log(`(${usage.inputTokens ?? "?"} in / ${usage.outputTokens ?? "?"} out tokens${tps})`);
+  }
+}

package/src/commands/deep-interview.ts

@@ -0,0 +1,239 @@
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import { createInterface } from "node:readline/promises";
+import { callLlm, type Message } from "../agent/loop";
+import { extractJsonObject } from "../agent/json";
+import { meter } from "../tui/components/meter";
+import {
+  readWorkflowState,
+  writeWorkflowState,
+  clearWorkflowState,
+  type WorkflowState,
+  getLocalJocDir,
+} from "../agent/state";
+
+interface SocraticResponse {
+  ambiguityScore: number;
+  assessment: string;
+  nextQuestion: string;
+  goal?: string;
+  constraints?: string[];
+  acceptance_criteria?: string[];
+}
+
+export async function runDeepInterviewCommand(args: string[]): Promise<void> {
+  const auto = args.includes("--auto") || !process.stdin.isTTY;
+  const filteredArgs = args.filter(arg => arg !== "--auto");
+  const cwd = process.cwd();
+  const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+
+  // Check for active state
+  let state = await readWorkflowState("deep-interview", cwd);
+  if (state && state.active && state.current_phase !== "complete") {
+    if (auto) {
+      await clearWorkflowState("deep-interview", cwd);
+      state = null;
+      console.log("Cleared previous state. Starting fresh.");
+    } else {
+      const resume = await rl.question(
+        `\n[ALERT] An active requirements gathering session is already in progress (Ambiguity: ${((state.current_ambiguity ?? 1) * 100).toFixed(0)}%).\n` +
+        `Would you like to resume it? [Y/n]: `
+      );
+      if (resume.trim().toLowerCase() === "n") {
+        await clearWorkflowState("deep-interview", cwd);
+        state = null;
+        console.log("Cleared previous state. Starting fresh.");
+      } else {
+        console.log("Resuming active Socratic interview session...");
+      }
+    }
+  }
+
+  // Determine initial idea
+  let initialIdea = "";
+  if (state) {
+    initialIdea = state.initial_idea ?? "";
+  } else {
+    // If we have CLI args, use them. Otherwise, prompt the user.
+    initialIdea = filteredArgs.join(" ");
+    if (!initialIdea.trim()) {
+      if (auto) {
+        console.log("Error: Initial project idea cannot be empty.");
+        rl.close();
+        return;
+      } else {
+        initialIdea = await rl.question("\nEnter your initial project idea: ");
+      }
+    }
+  }
+
+  if (!initialIdea.trim()) {
+    console.log("Error: Initial project idea cannot be empty.");
+    rl.close();
+    return;
+  }
+
+  const slug = state?.slug || initialIdea
+    .toLowerCase()
+    .replace(/[^a-z0-9\s-]/g, "")
+    .trim()
+    .split(/\s+/)
+    .slice(0, 5)
+    .join("-");
+
+  const interviewId = state?.interview_id || crypto.randomUUID();
+
+  if (!state) {
+    state = {
+      active: true,
+      current_phase: "interviewing",
+      skill: "deep-interview",
+      interview_id: interviewId,
+      slug,
+      initial_idea: initialIdea,
+      current_ambiguity: 1.0,
+      threshold: 0.2,
+    };
+    await writeWorkflowState("deep-interview", state, cwd);
+  }
+
+  // Setup initial message history
+  const history: Message[] = [
+    {
+      role: "system",
+      content:
+        `You are the Socratic Interviewer, a veteran requirements engineer who helps software engineers refine their ideas before writing code.\n` +
+        `Your absolute goal is to assess ambiguity across three key dimensions:\n` +
+        `1. Goal Clarity\n` +
+        `2. Constraint Completeness\n` +
+        `3. Success/Acceptance Criteria Definition\n\n` +
+        `Provide an output strictly in JSON format. Do not write any text outside of the JSON block.\n` +
+        `Structure your output EXACTLY as follows:\n` +
+        `{\n` +
+        `  "ambiguityScore": 0.0 to 1.0,\n` +
+        `  "assessment": "Assessment details here",\n` +
+        `  "nextQuestion": "Your Socratic question here to target the weakest dimension",\n` +
+        `  "goal": "Optional: qualitative goal definition once ambiguity is <= 0.2",\n` +
+        `  "constraints": ["Optional list of constraints once ambiguity is <= 0.2"],\n` +
+        `  "acceptance_criteria": ["Optional list of acceptance criteria once ambiguity is <= 0.2"]\n` +
+        `}\n` +
+        `Ensure ambiguityScore drops dynamically as more detail is gathered. When details are sufficient, set ambiguityScore to <= 0.2.`
+    },
+    {
+      role: "user",
+      content: `Here is my initial idea: "${initialIdea}"`
+    }
+  ];
+
+  console.log(`\n=== Starting Socratic Interview: ${slug} ===`);
+  console.log(`Initial Idea: "${initialIdea}"`);
+  console.log(`Ambiguity Threshold: 20% (interview finishes once ambiguity <= 20%)\n`);
+
+  let round = 1;
+  let ambiguity = 1.0;
+  let lastParsed: SocraticResponse | undefined;
+
+  const freezeSeed = async (parsed?: SocraticResponse): Promise<void> => {
+    const seedDir = path.join(getLocalJocDir(cwd), "seeds");
+    await fs.mkdir(seedDir, { recursive: true });
+    const seedPath = path.join(seedDir, `seed-${slug}.yaml`);
+    const constraints = parsed?.constraints?.length
+      ? parsed.constraints.map(c => `  - "${c}"`).join("\n")
+      : `  - "TypeScript / Bun runtime"`;
+    const criteria = parsed?.acceptance_criteria?.length
+      ? parsed.acceptance_criteria.map(a => `  - "${a}"`).join("\n")
+      : `  - "Runs successfully in the terminal"`;
+    const seedContent =
+      `# Frozen Specification Seed\n` +
+      `slug: ${slug}\n` +
+      `interview_id: ${interviewId}\n` +
+      `goal: "${parsed?.goal || initialIdea}"\n` +
+      `constraints:\n${constraints}\n\n` +
+      `acceptance_criteria:\n${criteria}\n`;
+    await fs.writeFile(seedPath, seedContent, "utf-8");
+    state!.current_phase = "complete";
+    state!.seed_path = seedPath;
+    await writeWorkflowState("deep-interview", state!, cwd);
+    console.log(`Saved frozen requirements spec seed to: ${seedPath}`);
+  };
+
+  while (ambiguity > 0.2 && round <= 10) {
+    console.log(`\n[Round ${round}] Analyzing requirements...`);
+    
+    try {
+      const responseText = await callLlm(history, { jsonMode: true });
+      const parsed = extractJsonObject<SocraticResponse>(responseText);
+      lastParsed = parsed;
+
+      ambiguity = parsed.ambiguityScore;
+      state.current_ambiguity = ambiguity;
+      await writeWorkflowState("deep-interview", state, cwd);
+
+      console.log(`Ambiguity ${meter(ambiguity)}  (Assessment: ${parsed.assessment})`);
+
+      if (ambiguity <= 0.2) {
+        console.log(`\n[SUCCESS] Ambiguity is <= 20%! Concluding requirements gather.`);
+        await freezeSeed(parsed);
+        console.log("\n[Handoff Ready] Requirement is crystallized. Next, run 'joc ralplan' to build a plan.");
+        break;
+      }
+
+      console.log(`\nQuestion: ${parsed.nextQuestion}`);
+      let answer = "";
+      if (auto) {
+        answer = "Use sensible, conventional defaults and proceed. Optimize for a minimal correct implementation.";
+      } else {
+        answer = await rl.question("\nYour Answer: ");
+      }
+      
+      history.push({ role: "assistant", content: responseText });
+      history.push({ role: "user", content: answer });
+      round++;
+
+    } catch (error: any) {
+      console.log(`\n[Error calling LLM]: ${error.message}`);
+      break;
+    }
+  }
+
+  // --auto must always yield a seed: if the gate wasn't reached within the round
+  // cap, freeze a best-effort seed from the last assessment so the pipeline proceeds.
+  if (state.current_phase !== "complete" && auto) {
+    const currentAmbiguity = state.current_ambiguity ?? 1.0;
+    const threshold = state.threshold ?? 0.2;
+    if (currentAmbiguity > threshold) {
+      console.log(`\n[AUTO] Ambiguity gate not reached in ${round - 1} rounds (${(currentAmbiguity * 100).toFixed(0)}% > ${(threshold * 100).toFixed(0)}%); saving draft seed.`);
+      const seedDir = path.join(getLocalJocDir(cwd), "seeds");
+      await fs.mkdir(seedDir, { recursive: true });
+      const seedPath = path.join(seedDir, `seed-${slug}.draft.yaml`);
+      const constraints = lastParsed?.constraints?.length
+        ? lastParsed.constraints.map(c => `  - "${c}"`).join("\n")
+        : `  - "TypeScript / Bun runtime"`;
+      const criteria = lastParsed?.acceptance_criteria?.length
+        ? lastParsed.acceptance_criteria.map(a => `  - "${a}"`).join("\n")
+        : `  - "Runs successfully in the terminal"`;
+      const seedContent =
+        `# Draft Specification Seed\n` +
+        `slug: ${slug}\n` +
+        `interview_id: ${interviewId}\n` +
+        `goal: "${lastParsed?.goal || initialIdea}"\n` +
+        `constraints:\n${constraints}\n\n` +
+        `acceptance_criteria:\n${criteria}\n`;
+      await fs.writeFile(seedPath, seedContent, "utf-8");
+      
+      state.current_phase = "interviewing";
+      state.seed_path = seedPath;
+      await writeWorkflowState("deep-interview", state, cwd);
+      console.log(`Saved draft requirements spec seed to: ${seedPath}`);
+    } else {
+      console.log(`\n[AUTO] Ambiguity gate reached in ${round - 1} rounds; freezing a best-effort seed.`);
+      await freezeSeed(lastParsed);
+      console.log("[Handoff Ready] Best-effort seed frozen. Next, run 'joc ralplan'.");
+    }
+  }
+
+  rl.close();
+}

package/src/commands/doctor.ts

@@ -0,0 +1,250 @@
+import { readGlobalConfig } from "../agent/state";
+import { resolveCredential, snapshotProvider, type AuthProvider, type Credential } from "../auth";
+import { resolveProvider } from "../ai";
+import { resolveModelId } from "../ai/model-registry";
+import { meter } from "../tui/components/meter";
+import { size } from "../tui/terminal";
+import chalk from "chalk";
+
+interface ProbeResult {
+  status: "ok" | "fail" | "skipped";
+  detail: string;
+  latencyMs?: number;
+}
+
+const APP_NAME = "joc";
+const PROBE_TIMEOUT_MS = 4000;
+
+async function timedFetch(url: string, init: RequestInit): Promise<{ res: Response; latencyMs: number }> {
+  const start = performance.now();
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), PROBE_TIMEOUT_MS);
+  try {
+    const res = await fetch(url, { ...init, signal: ctrl.signal });
+    return { res, latencyMs: Math.round(performance.now() - start) };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+async function probeOpenAi(credential: Credential, baseUrl: string | undefined): Promise<ProbeResult> {
+  const base = (baseUrl ?? "https://api.openai.com/v1").replace(/\/$/, "");
+  const token = credential.kind === "oauth" || credential.kind === "api_key" ? credential.token : "no-key";
+  try {
+    const { res, latencyMs } = await timedFetch(`${base}/models`, {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    if (res.ok) return { status: "ok", detail: `GET ${base}/models 200`, latencyMs };
+    return { status: "fail", detail: `GET ${base}/models ${res.status}`, latencyMs };
+  } catch (err) {
+    return { status: "fail", detail: `network error: ${(err as Error).message}` };
+  }
+}
+
+async function probeGemini(credential: Credential): Promise<ProbeResult> {
+  if (credential.kind === "none") {
+    return { status: "skipped", detail: "no credential (run 'joc setup' or 'joc auth login gemini')" };
+  }
+  const key = credential.kind === "api_key" ? credential.token : "";
+  const url = credential.kind === "oauth"
+    ? "https://generativelanguage.googleapis.com/v1beta/models"
+    : `https://generativelanguage.googleapis.com/v1beta/models?key=${key}`;
+  try {
+    const { res, latencyMs } = await timedFetch(url, {
+      headers: credential.kind === "oauth"
+        ? { authorization: `Bearer ${credential.token}` }
+        : {},
+    });
+    if (res.ok) return { status: "ok", detail: "GET /v1beta/models 200", latencyMs };
+    return { status: "fail", detail: `GET /v1beta/models ${res.status}`, latencyMs };
+  } catch (err) {
+    return { status: "fail", detail: `network error: ${(err as Error).message}` };
+  }
+}
+
+async function probeAnthropic(credential: Credential): Promise<ProbeResult> {
+  if (credential.kind === "none") {
+    return { status: "skipped", detail: "no credential (run 'joc setup' or 'joc auth login anthropic')" };
+  }
+  // Anthropic has no free model-listing endpoint; verify auth by issuing a
+  // 1-token request that returns quickly without burning meaningful credit.
+  const headers: Record<string, string> = {
+    "content-type": "application/json",
+    "anthropic-version": "2023-06-01",
+  };
+  if (credential.kind === "oauth") {
+    headers.authorization = `Bearer ${credential.token}`;
+    headers["anthropic-beta"] = "oauth-2025-04-20";
+  } else {
+    headers["x-api-key"] = credential.token;
+  }
+  try {
+    const { res, latencyMs } = await timedFetch("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        model: "claude-3-5-sonnet-20241022",
+        max_tokens: 1,
+        messages: [{ role: "user", content: "ping" }],
+      }),
+    });
+    if (res.ok) return { status: "ok", detail: "POST /v1/messages 200 (1-token probe)", latencyMs };
+    if (res.status === 401 || res.status === 403) {
+      return { status: "fail", detail: `auth rejected (${res.status})`, latencyMs };
+    }
+    return { status: "fail", detail: `POST /v1/messages ${res.status}`, latencyMs };
+  } catch (err) {
+    return { status: "fail", detail: `network error: ${(err as Error).message}` };
+  }
+}
+
+async function probeOllama(baseUrl: string): Promise<ProbeResult> {
+  const base = baseUrl.replace(/\/$/, "");
+  try {
+    const { res, latencyMs } = await timedFetch(`${base}/api/tags`, { method: "GET" });
+    if (res.ok) return { status: "ok", detail: `GET ${base}/api/tags 200`, latencyMs };
+    return { status: "fail", detail: `GET ${base}/api/tags ${res.status}`, latencyMs };
+  } catch (err) {
+    return { status: "fail", detail: `network error: ${(err as Error).message}` };
+  }
+}
+
+function colorStatus(status: ProbeResult["status"], label: string): string {
+  if (status === "ok") return chalk.green(label);
+  if (status === "skipped") return chalk.yellow(label);
+  return chalk.red(label);
+}
+
+function formatRow(provider: string, credKind: string, result: ProbeResult): string {
+  const status =
+    result.status === "ok" ? "  OK  " :
+    result.status === "skipped" ? " SKIP " :
+    " FAIL ";
+  const latency = result.latencyMs !== undefined ? `${result.latencyMs}ms` : "—";
+  // Visual latency bar (relative to a 2s baseline) for OK probes.
+  const bar = result.status === "ok" && result.latencyMs !== undefined ? `  ${meter(result.latencyMs, 2000, 12)}` : "";
+  return `  ${provider.padEnd(10)} ${credKind.padEnd(16)} [${colorStatus(result.status, status)}] ${latency.padEnd(7)} ${result.detail}${bar}`;
+}
+
+export async function runDoctorCommand(args: string[] = []): Promise<void> {
+  const strict = args.includes("--strict");
+  const json = args.includes("--json");
+  const config = await readGlobalConfig();
+  const resolvedModel = await resolveModelId(config.defaultModel);
+  const defaultProvider = resolveProvider(resolvedModel);
+  const ollamaBase = config.ollamaBaseUrl ?? "http://localhost:11434";
+
+  // --- Gather (probes run concurrently → ~1× the slowest timeout, not N×) ---
+  const probes: { name: string; credKind: string; result: ProbeResult }[] = [];
+  const cloud = ["anthropic", "openai", "gemini"] as AuthProvider[];
+  const cloudProbes = await Promise.all(
+    cloud.map(async provider => {
+      const credential = await resolveCredential(provider);
+      let result: ProbeResult;
+      if (provider === "openai") result = await probeOpenAi(credential, config.openaiBaseUrl);
+      else if (provider === "gemini") result = await probeGemini(credential);
+      else result = await probeAnthropic(credential);
+      return { name: provider, credKind: credential.kind, result };
+    })
+  );
+  const ollamaResult = await probeOllama(ollamaBase);
+  for (const p of cloudProbes) probes.push(p);
+  probes.push({ name: "ollama", credKind: "none (local)", result: ollamaResult });
+
+  const oauthHealth: { provider: string; refreshable: boolean; expiresInMin?: number; email?: string }[] = [];
+  for (const p of ["anthropic", "openai", "gemini"] as AuthProvider[]) {
+    const snap = await snapshotProvider(p);
+    if (!snap.oauth) continue;
+    oauthHealth.push({
+      provider: p,
+      refreshable: !!snap.oauthHasRefresh,
+      expiresInMin: snap.oauthExpires ? Math.round((snap.oauthExpires - Date.now()) / 60000) : undefined,
+      email: snap.oauthEmail,
+    });
+  }
+
+  const defaultProbe = probes.find(p => p.name === defaultProvider);
+  const ready = defaultProbe?.result.status === "ok";
+
+  // --- JSON output mode (CI / scripting) ---
+  if (json) {
+    const report = {
+      app: APP_NAME,
+      bunVersion: Bun.version,
+      defaultModel: { configured: config.defaultModel, resolved: resolvedModel, provider: defaultProvider },
+      ollamaBaseUrl: ollamaBase,
+      openaiBaseUrl: config.openaiBaseUrl ?? null,
+      terminal: {
+        cols: size().cols,
+        rows: size().rows,
+        colorLevel: chalk.level
+      },
+      providers: probes.map(p => ({
+        name: p.name,
+        credential: p.credKind,
+        status: p.result.status,
+        latencyMs: p.result.latencyMs ?? null,
+        detail: p.result.detail,
+      })),
+      oauth: oauthHealth,
+      ready,
+    };
+    console.log(JSON.stringify(report, null, 2));
+    if (strict && !ready) process.exit(1);
+    return;
+  }
+
+  // --- Human output ---
+  console.log("");
+  console.log(`=== ${APP_NAME} doctor ===`);
+  console.log("");
+  console.log(`Bun runtime:    v${Bun.version}`);
+  console.log(`Default model:  ${config.defaultModel}${resolvedModel !== config.defaultModel ? ` → ${resolvedModel}` : ""} → ${defaultProvider}`);
+  console.log(`Config:         ${process.env.HOME}/.joc/config.json`);
+  if (config.openaiBaseUrl) console.log(`OpenAI base:    ${config.openaiBaseUrl}`);
+  console.log(`Ollama base:    ${ollamaBase}`);
+
+  const termSize = size();
+  const tuiVerdict = termSize.cols < 40 
+    ? `${termSize.cols}x${termSize.rows} ${chalk.red("(too narrow for ASCII art)")}` 
+    : `${termSize.cols}x${termSize.rows} ${chalk.green("(ASCII art enabled)")}`;
+  console.log(`Terminal size:  ${tuiVerdict}`);
+  console.log(`Color support:  Level ${chalk.level} (${chalk.level > 0 ? chalk.green("enabled") : "disabled"})`);
+  console.log("");
+
+  console.log("Provider connectivity:");
+  console.log(`  ${"Provider".padEnd(10)} ${"Credential".padEnd(16)} ${"Status".padEnd(8)} ${"Latency".padEnd(7)} Detail`);
+  console.log(`  ${"-".repeat(75)}`);
+  for (const p of probes) console.log(formatRow(p.name, p.credKind, p.result));
+
+  console.log("");
+  const oauthLines = oauthHealth.map(o => {
+    let detail = o.refreshable ? "refreshable" : "manual (no refresh)";
+    if (o.expiresInMin !== undefined) detail += o.expiresInMin <= 0 ? ", expired (auto-refresh on next call)" : `, expires in ${o.expiresInMin}m`;
+    if (o.email) detail += `, ${o.email}`;
+    return `  ${o.provider.padEnd(10)} ${detail}`;
+  });
+  if (oauthLines.length) {
+    console.log("OAuth tokens:");
+    for (const line of oauthLines) console.log(line);
+    console.log("");
+  }
+
+  // Final verdict
+  if (ready) {
+    console.log(`${chalk.green("[READY]")} Default model '${config.defaultModel}' is reachable.`);
+  } else if (defaultProbe?.result.status === "skipped") {
+    console.log(
+      `${chalk.red("[NOT READY]")} Default model '${config.defaultModel}' resolves to '${defaultProvider}', ` +
+      `but no credential is configured. Run 'joc setup' or 'joc auth login ${defaultProvider}'.`
+    );
+  } else {
+    console.log(
+      `${chalk.red("[NOT READY]")} Default model '${config.defaultModel}' probe failed: ${defaultProbe?.result.detail ?? "unknown"}.`
+    );
+  }
+
+  if (strict && !ready) {
+    process.exit(1);
+  }
+}