machinaos 0.0.76 → 0.0.78

package/server/config/node_allowlist.json

@@ -1,5 +1,5 @@
 {
-  "_comment": "List node types to show in the Component Palette. Empty list or missing file = all nodes shown (default-on). Node type identifiers must match the 'type' class attribute on the plugin in server/nodes/<category>/<file>.py verbatim.",
+  "_comment": "Node visibility config. `enabled_nodes`: positive list shown in normal mode (empty = show all). `disabled_groups` / `disabled_nodes`: ABSOLUTE blocklist enforced in BOTH normal and dev mode — wins over enabled_nodes and over the show_all default. Use disabled_groups to hide every plugin in a backend group (e.g. 'android' hides all 16 Android service nodes + androidTool); use disabled_nodes for one-off type names like 'android_agent' that don't share the group label. Node type identifiers must match the 'type' class attribute on the plugin in server/nodes/<category>/<file>.py verbatim.",
   "enabled_nodes": [
     "start",
     "chatTrigger",
@@ -25,5 +25,20 @@
 
     "telegramSend",
     "telegramReceive"
+  ],
+  "disabled_groups": [
+    "android",
+    "email"
+  ],
+  "disabled_nodes": [
+    "android_agent",
+    "androidTool"
+  ],
+  "disabled_credential_categories": [
+    "android",
+    "email"
+  ],
+  "disabled_skill_folders": [
+    "android_agent"
   ]
 }

package/server/config/pricing.json

@@ -62,6 +62,14 @@
       "codestral-latest": {"input": 0.30, "output": 0.90},
       "open-mistral-nemo": {"input": 0.15, "output": 0.15},
       "_default": {"input": 0.20, "output": 0.60}
+    },
+    "ollama": {
+      "_description": "Local inference is free at the API layer — user-borne hardware costs are not tracked here.",
+      "_default": {"input": 0.00, "output": 0.00}
+    },
+    "lmstudio": {
+      "_description": "Local inference — same zero-cost convention as ollama.",
+      "_default": {"input": 0.00, "output": 0.00}
     }
   },
 

package/server/constants.py

@@ -20,6 +20,10 @@ AI_CHAT_MODEL_TYPES: FrozenSet[str] = frozenset([
     'deepseekChatModel',
     'kimiChatModel',
     'mistralChatModel',
+    # Local-server providers (Phase 1 of the LiteLLM adoption — see
+    # plans/i-plan-to-implement-nested-orbit.md).
+    'ollamaChatModel',
+    'lmstudioChatModel',
 ])
 
 AI_AGENT_TYPES: FrozenSet[str] = frozenset([
@@ -313,7 +317,7 @@ TRIGGER_TYPES: FrozenSet[str] = EVENT_TRIGGER_TYPES
 # unlike push-based triggers (WhatsApp, Webhook) that receive events externally.
 # In deployment mode, these get a dedicated polling loop instead of event_waiter.
 POLLING_TRIGGER_TYPES: FrozenSet[str] = frozenset([
-    'gmailReceive',
+    'googleGmailReceive',
     'twitterReceive',
     'emailReceive',
 ])
@@ -336,7 +340,7 @@ WORKFLOW_TRIGGER_TYPES: FrozenSet[str] = frozenset([
     'chatTrigger',
     'taskTrigger',
     'twitterReceive',
-    'gmailReceive',
+    'googleGmailReceive',
     'telegramReceive',
     'emailReceive',
 ])
@@ -348,31 +352,50 @@ WORKFLOW_TRIGGER_TYPES: FrozenSet[str] = frozenset([
 def detect_ai_provider(node_type: str, parameters: dict = None) -> str:
     """Detect AI provider from node type or parameters.
 
+    Substring match against the node type's lower-case form. Local-server
+    providers (ollama, lmstudio) MUST be checked here — without these
+    branches `lmstudioChatModel` falls through to the final ``return
+    'openai'`` and ``execute_chat`` ends up calling api.openai.com with
+    the local-server placeholder key, which is the exact symptom users
+    see as "401 from OpenAI when I picked LM Studio".
+
     Args:
-        node_type: The node type string
-        parameters: Optional parameters dict (used for aiAgent/chatAgent)
+        node_type: The node type string (e.g. "ollamaChatModel").
+        parameters: Optional parameters dict (used for aiAgent/chatAgent
+            where the provider lives in a dropdown, not the type).
 
     Returns:
-        Provider string: 'openai', 'anthropic', 'gemini', 'openrouter', 'groq', or 'cerebras'
+        Provider string matching a key in ``services.ai.PROVIDER_CONFIGS``.
     """
     # AI Agent types get provider from parameters
     if node_type in AI_AGENT_TYPES:
         return (parameters or {}).get('provider', 'openai')
-    elif 'deepseek' in node_type.lower():
+    nt = node_type.lower()
+    # Order matters: more-specific tokens first, so e.g. `lm_studio` /
+    # `lmstudio` / `lm-studio` all classify before any future generic
+    # `openai`-prefixed match could shadow them.
+    if 'deepseek' in nt:
         return 'deepseek'
-    elif 'kimi' in node_type.lower():
+    if 'kimi' in nt:
         return 'kimi'
-    elif 'mistral' in node_type.lower():
+    if 'mistral' in nt:
         return 'mistral'
-    elif 'cerebras' in node_type.lower():
+    if 'cerebras' in nt:
         return 'cerebras'
-    elif 'groq' in node_type.lower():
+    if 'groq' in nt:
         return 'groq'
-    elif 'openrouter' in node_type.lower():
+    if 'openrouter' in nt:
         return 'openrouter'
-    elif 'anthropic' in node_type.lower():
+    if 'anthropic' in nt:
         return 'anthropic'
-    elif 'gemini' in node_type.lower():
+    if 'gemini' in nt:
         return 'gemini'
-    else:
-        return 'openai'
+    # Local-server providers — match the LMStudioChatModelNode /
+    # OllamaChatModelNode plugin types so the runtime path reads the
+    # correct {provider}_proxy credential and the openai SDK is pointed
+    # at the user's local server, not api.openai.com.
+    if 'lmstudio' in nt or 'lm_studio' in nt or 'lm-studio' in nt:
+        return 'lmstudio'
+    if 'ollama' in nt:
+        return 'ollama'
+    return 'openai'

package/server/core/container.py

@@ -20,12 +20,12 @@ from core.credentials_database import CredentialsDatabase
 _clog("core imports done")
 from services.ai import AIService
 _clog("AIService imported")
-from services.maps import MapsService
+from nodes.location._service import MapsService
 from services.workflow import WorkflowService
 _clog("WorkflowService imported")
 from services.auth import AuthService
 from services.text import TextService
-from services.android_service import AndroidService
+from nodes.android._dispatcher import AndroidService
 from services.user_auth import UserAuthService
 from services.compaction import init_compaction_service
 _clog("all service imports done")

package/server/core/credentials_database.py

@@ -189,6 +189,7 @@ class CredentialsDatabase:
         api_key: str,
         models: Optional[List[str]] = None,
         session_id: str = "default",
+        model_params: Optional[Dict[str, Dict[str, Any]]] = None,
     ) -> None:
         """
         Save encrypted API key.
@@ -198,10 +199,23 @@ class CredentialsDatabase:
             api_key: Plaintext API key to encrypt and store
             models: List of available models for this key
             session_id: Session identifier (default: "default")
+            model_params: Optional per-model parameters keyed by model id, e.g.
+                ``{"qwen2.5-7b": {"context_length": 8192}}``. Used by local
+                providers (Ollama, LM Studio) where the context window depends
+                on what the user has loaded — the value is fetched from the
+                official SDK during validation. Stored alongside the model
+                list under the same JSON column (``model_params`` subkey) so
+                ``model_registry.get_context_length()`` can read the real
+                ctx instead of a JSON default. Cloud providers leave this
+                empty — their per-model params live in ``model_registry.json``
+                from OpenRouter.
         """
         key_id = f"{session_id}_{provider}"
         encrypted = self.encryption.encrypt(api_key)
         key_hash = hashlib.sha256(api_key.encode()).hexdigest()[:16]
+        models_blob: Dict[str, Any] = {"models": models or []}
+        if model_params:
+            models_blob["model_params"] = model_params
 
         async with self.get_session() as session:
             existing = await session.get(EncryptedAPIKey, key_id)
@@ -210,7 +224,7 @@ class CredentialsDatabase:
             if existing:
                 existing.key_encrypted = encrypted
                 existing.key_hash = key_hash
-                existing.models = {"models": models or []}
+                existing.models = models_blob
                 existing.is_valid = True
                 existing.last_validated = now
                 existing.updated_at = now
@@ -222,7 +236,7 @@ class CredentialsDatabase:
                         session_id=session_id,
                         key_encrypted=encrypted,
                         key_hash=key_hash,
-                        models={"models": models or []},
+                        models=models_blob,
                         is_valid=True,
                         last_validated=now,
                     )
@@ -230,6 +244,25 @@ class CredentialsDatabase:
             await session.commit()
             logger.debug(f"Saved encrypted API key for provider: {provider}")
 
+    async def get_api_key_model_params(
+        self, provider: str, session_id: str = "default"
+    ) -> Dict[str, Dict[str, Any]]:
+        """Return the per-model param map stored alongside the model list.
+
+        Empty dict if the provider has no entry, no params were stored,
+        or the row predates the ``model_params`` column. The runtime
+        path (``model_registry.get_context_length`` etc.) consults this
+        before falling back to JSON defaults so local-LLM context comes
+        from the actual loaded model, not a guess.
+        """
+        key_id = f"{session_id}_{provider}"
+        async with self.get_session() as session:
+            row = await session.get(EncryptedAPIKey, key_id)
+            if not row or not row.models:
+                return {}
+            params = row.models.get("model_params") or {}
+            return params if isinstance(params, dict) else {}
+
     async def get_api_key(
         self, provider: str, session_id: str = "default"
     ) -> Optional[str]:

package/server/core/logging.py

@@ -32,9 +32,10 @@ class WebSocketLogHandler(logging.Handler):
         self._source_map = {
             'services.workflow': 'workflow',
             'services.ai': 'ai',
-            'services.android': 'android',
-            'services.whatsapp_service': 'whatsapp',
-            'routers.android': 'android',
+            'nodes.android._relay': 'android',
+            'nodes.android._dispatcher': 'android',
+            'nodes.android._router': 'android',
+            'nodes.whatsapp._service': 'whatsapp',
             'routers.websocket': 'websocket',
             'routers.workflow': 'workflow',
             'services.execution': 'execution',

package/server/main.py

@@ -40,7 +40,7 @@ from core.config import Settings
 from core.logging import configure_logging, get_logger, setup_websocket_logging, shutdown_websocket_logging
 from core.tracing import init_tracing
 _startup_log("Importing routers...")
-from routers import workflow, database, maps, nodejs_compat, android, websocket, webhook, auth, twitter, google, credentials, schemas
+from routers import workflow, database, nodejs_compat, websocket, webhook, auth, credentials, schemas
 _startup_log("All imports complete")
 
 # Initialize settings, logging, and tracing.
@@ -75,18 +75,18 @@ async def lifespan(app: FastAPI):
     # Side-effect import; the package __init__ walks its submodules.
     import nodes  # noqa: F401
 
+    # Side-effect import: services/cli_agent/__init__.py self-registers
+    # `cli_login` / `cli_auth_status` into `services.ws_handler_registry`.
+    import services.cli_agent  # noqa: F401
+
     # Wire dependency injection
     container.wire(modules=[
         "routers.workflow",
         "routers.database",
-        "routers.maps",
         "routers.nodejs_compat",
-        "routers.android",
         "routers.websocket",
         "routers.webhook",
         "routers.auth",
-        "routers.twitter",
-        "routers.google",
         "middleware.auth"
     ])
 
@@ -293,6 +293,35 @@ async def lifespan(app: FastAPI):
     else:
         _startup_log("[Temporal] Disabled")
 
+    # Enter the CLI-agent MCP server's lifespan so its
+    # StreamableHTTPSessionManager task group is initialised (Starlette
+    # does NOT auto-propagate lifespans across `app.mount`). Stored on
+    # `app.state` so shutdown can exit the context cleanly.
+    cli_mcp_lifespan_ctx = None
+    try:
+        from services.cli_agent.mcp_server import get_mcp_app as _get_cli_mcp_app
+        _cli_mcp_app = _get_cli_mcp_app()
+        cli_mcp_lifespan_ctx = _cli_mcp_app.router.lifespan_context(_cli_mcp_app)
+        await cli_mcp_lifespan_ctx.__aenter__()
+        app.state.cli_mcp_lifespan_ctx = cli_mcp_lifespan_ctx
+        _startup_log("[CLI MCP] StreamableHTTP session manager initialised")
+    except Exception as exc:
+        logger.warning("[CLI MCP] lifespan init failed: %s", exc)
+
+    # One-time status-broadcaster refresh: populates the cache and runs
+    # the load-bearing auto-reconnects (Telegram bot via stored token,
+    # Android relay via stored pairing). Per-WS-client refresh used to
+    # do this on every connect, which produced an M-by-N storm under
+    # PartySocket's auto-reconnect on every page nav / network blip --
+    # the refresh now runs ONCE at startup, and state changes after
+    # that flow through the originating code path's event-driven
+    # broadcasts (whatsapp `_handle_event`, telegram `_broadcast_status`,
+    # OAuth callbacks, android relay broadcaster).
+    #
+    # Spawned as a background task so a slow upstream (Telegram getMe,
+    # Twitter token validation) doesn't block lifespan startup.
+    asyncio.create_task(get_status_broadcaster()._refresh_all_services())
+
     _startup_log("All services initialized")
     print("Application startup complete", flush=True)
     yield
@@ -334,11 +363,11 @@ async def lifespan(app: FastAPI):
         await _proxy_svc.shutdown()
 
     # Close Android relay client (prevents "Unclosed client session" warning)
-    from services.android.manager import close_relay_client
+    from nodes.android._relay.manager import close_relay_client
     await close_relay_client(clear_stored_session=False)
 
     # Shut down agent-browser daemon (prevents orphaned processes and EBUSY file locks)
-    from services.browser_service import shutdown_browser_service
+    from nodes.browser._service import shutdown_browser_service
     await shutdown_browser_service()
 
     # Kill all managed processes (process manager node)
@@ -361,6 +390,15 @@ async def lifespan(app: FastAPI):
         logger.info("Execution recovery sweeper stopped")
 
     shutdown_scheduler()  # Stop APScheduler
+
+    # Exit the CLI-agent MCP server's lifespan
+    cli_mcp_lifespan_ctx = getattr(app.state, "cli_mcp_lifespan_ctx", None)
+    if cli_mcp_lifespan_ctx is not None:
+        try:
+            await cli_mcp_lifespan_ctx.__aexit__(None, None, None)
+        except Exception as exc:
+            logger.debug("[CLI MCP] lifespan shutdown: %s", exc)
+
     await container.cache().shutdown()
     await container.database().shutdown()
     logger.info("Services shutdown complete")
@@ -415,20 +453,68 @@ app.add_middleware(
     expose_headers=["*"],
 )
 
-# Include routers
+# Include framework-level routers (everything that's NOT plugin-specific
+# stays here). Plugin-owned routers self-register via
+# ``services.ws_handler_registry.register_router`` from their plugin
+# folder's ``__init__.py`` and are mounted via the loop below — main.py
+# never imports a migrated plugin module by name.
 app.include_router(auth.router)  # Auth routes (login, register, logout, status)
 app.include_router(nodejs_compat.router)  # Node.js compatibility (includes root endpoints)
 app.include_router(workflow.router)
 app.include_router(database.router)
-app.include_router(maps.router)
-app.include_router(android.router)
 app.include_router(websocket.router)
-app.include_router(webhook.router)
-app.include_router(twitter.router)  # Twitter/X OAuth routes
-app.include_router(google.router)  # Google Workspace OAuth routes (Gmail, Calendar, Drive, Sheets, Tasks, Contacts)
 app.include_router(credentials.router)  # Credentials panel - lazy per-tile icon endpoint (n8n pattern)
 app.include_router(schemas.router)  # Per-node output schema endpoint (GET /api/schemas/nodes/{type}.json)
 
+# Routers awaiting migration into their plugin folders. As each plugin
+# moves to the self-contained pattern (nodes/<plugin>/_router.py +
+# register_router from __init__.py), the corresponding line below is
+# removed. Tracked in the plugin-extraction plan.
+app.include_router(webhook.router)
+# Twitter, Google, Android, and Maps routers moved (Maps deleted in
+# Wave 11.I milestone N -- all four endpoints were dead, the validate-key
+# path now flows through CREDENTIAL_REGISTRY's GoogleMapsCredential._probe).
+
+# Plugin-registered routers — populated by `nodes/<plugin>/__init__.py`
+# at import time via `register_router(...)`. Plugins are imported during
+# the node-discovery walk on app startup; iterating here picks up
+# anything that registered.
+from services.ws_handler_registry import get_routers as _get_plugin_routers
+for _plugin_router in _get_plugin_routers():
+    app.include_router(_plugin_router)
+
+
+# ---------------------------------------------------------------------------
+# CLI agent IDE MCP server (VSCode pattern)
+# ---------------------------------------------------------------------------
+#
+# Spawned Claude Code / Codex CLI sessions auto-discover this server via
+# a per-batch lockfile (~/.claude/ide/<pid>.lock) and call tools like
+# mcp__machina__getSkill / getCredential / broadcastLog over MCP-over-HTTP.
+# Bearer-token auth scoped per batch (see services/cli_agent/mcp_server.py).
+try:
+    from services.cli_agent.mcp_server import get_mcp_app as _get_cli_mcp_app
+    _cli_mcp_app = _get_cli_mcp_app()
+    app.mount("/mcp/ide", _cli_mcp_app)
+    logger.info("[main] mounted CLI agent MCP server at /mcp/ide")
+except Exception as exc:  # pragma: no cover — defensive; MCP must not block startup
+    logger.warning("[main] failed to mount CLI agent MCP server: %s", exc)
+
+
+# Stale lockfile sweep on startup — mirrors VSCode's behavior. PIDs in
+# leftover lockfiles that are no longer alive get cleaned up.
+@app.on_event("startup")
+async def _sweep_cli_lockfiles_on_startup() -> None:
+    try:
+        from services.cli_agent.config import list_provider_names, get_provider_config
+        from services.cli_agent.lockfile import sweep_stale_lockfiles
+        for name in list_provider_names():
+            cfg = get_provider_config(name)
+            if cfg and cfg.ide_lockfile_dir:
+                sweep_stale_lockfiles(cfg.ide_lockfile_dir)
+    except Exception as exc:
+        logger.debug("[main] CLI lockfile sweep failed: %s", exc)
+
 
 @app.get("/health")
 async def health_check():

package/server/models/node_metadata.py

@@ -49,6 +49,7 @@ class NodeMetadata(TypedDict, total=False):
     handles: list[NodeHandle]                            # replaces AGENT_CONFIGS topology
     credentials: list[str]                               # provider keys
     hideOutputHandle: bool                               # replaces NO_OUTPUT_NODE_TYPES
+    hideInputHandle: bool                                # auto-derived for usable_as_tool=True nodes
     visibility: Literal["all", "normal", "dev"]          # replaces SIMPLE_MODE_CATEGORIES
 
 

package/server/nodejs/package.json

@@ -3,19 +3,21 @@
   "version": "1.0.0",
   "description": "Persistent Node.js server for JavaScript/TypeScript code execution",
   "type": "module",
-  "main": "src/index.ts",
+  "main": "dist/index.js",
   "scripts": {
-    "start": "tsx src/index.ts",
+    "build": "esbuild src/index.ts --bundle --platform=node --target=node22 --format=esm --packages=external --outfile=dist/index.js",
+    "start": "node dist/index.js",
     "dev": "tsx watch src/index.ts"
   },
   "dependencies": {
-    "express": "^5.0.0"
+    "express": "^5.2.1"
   },
   "devDependencies": {
-    "@types/express": "^5.0.0",
-    "@types/node": "^22.0.0",
+    "@types/express": "^5.0.6",
+    "@types/node": "^22.19.18",
+    "esbuild": "^0.25.0",
     "tsx": "^4.21.0",
-    "typescript": "^5.7.0"
+    "typescript": "^5.9.3"
   },
   "engines": {
     "node": ">=22.0.0"

package/server/nodejs/src/index.ts

@@ -5,7 +5,7 @@
 
 import express, { Request, Response, NextFunction } from 'express';
 import vm from 'node:vm';
-import { execSync } from 'node:child_process';
+import { execFileSync } from 'node:child_process';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 
@@ -65,6 +65,14 @@ app.post('/execute', (req: Request, res: Response) => {
 
   try {
     const context = vm.createContext(sandbox);
+    // This service IS the sandboxed JS executor for the pythonExecutor /
+    // javascriptExecutor workflow nodes. Node's `vm` is not a security
+    // boundary (per https://nodejs.org/api/vm.html#vmcreatecontextcontextobject-options);
+    // the deployment context is: server binds to localhost only (line 16,
+    // default 'localhost') and is invoked exclusively by the same-machine
+    // Python backend via NodeJSClient. Public network exposure is the
+    // operator's responsibility.
+    // codeql[js/code-injection]
     vm.runInContext(code, context, { timeout, filename: 'user-code.js' });
 
     res.json({
@@ -83,7 +91,11 @@ app.post('/execute', (req: Request, res: Response) => {
   }
 });
 
-// Install packages - package list from request
+// Install packages - package list from request.
+// Localhost-only service (see server.listen at the bottom); same trust
+// boundary as the /execute sandbox. No request-rate limiting because the
+// only caller is the same-machine Python backend.
+// codeql[js/missing-rate-limiting]
 app.post('/packages/install', (req: Request, res: Response) => {
   const { packages } = req.body as { packages: string[] };
 
@@ -100,17 +112,22 @@ app.post('/packages/install', (req: Request, res: Response) => {
   }
 
   try {
-    execSync(`npm install ${packages.join(' ')}`, { cwd: USER_PACKAGES_DIR, timeout: 60000 });
+    // execFileSync (argv array, no shell) instead of execSync with template
+    // string. The regex above already validates names, but going through
+    // execFileSync removes the shell from the path entirely as
+    // defense-in-depth.
+    execFileSync('npm', ['install', ...packages], { cwd: USER_PACKAGES_DIR, timeout: 60000 });
     res.json({ success: true, message: `Installed: ${packages.join(', ')}` });
   } catch (error) {
     res.status(500).json({ success: false, error: error instanceof Error ? error.message : String(error) });
   }
 });
 
-// List packages
+// List packages — same localhost-only trust boundary as above.
+// codeql[js/missing-rate-limiting]
 app.get('/packages', (_req: Request, res: Response) => {
   try {
-    const output = execSync('npm list --json --depth=0', { cwd: USER_PACKAGES_DIR, encoding: 'utf-8' });
+    const output = execFileSync('npm', ['list', '--json', '--depth=0'], { cwd: USER_PACKAGES_DIR, encoding: 'utf-8' });
     res.json({ success: true, packages: JSON.parse(output).dependencies || {} });
   } catch {
     res.json({ success: true, packages: {} });

package/server/nodes/README.md

@@ -234,7 +234,7 @@ server/nodes/telegram/
 └── telegram_receive.py  # TriggerNode
 ```
 
-### Five generic registries to plug into
+### Six generic registries to plug into
 
 Telegram's `__init__.py` is the canonical wiring example. Adding any
 of these concerns to your plugin is one `register_*` call from your
@@ -243,14 +243,26 @@ package's `__init__.py` — the consumer never imports your folder.
 | Concern | Where to register | What it does |
 |---|---|---|
 | Credentials-modal WebSocket commands | `services.ws_handler_registry.register_ws_handlers({"<type>": handler})` | Adds `<type>` to the central WS dispatcher (no router edits) |
+| FastAPI router (Wave 11.I) | `services.ws_handler_registry.register_router(router, name="<name>")` | Plugin's HTTP router mounts via the plugin loop in `main.py`; sibling concern in the same file as `register_ws_handlers` |
 | Event-trigger filter | `services.event_waiter.register_filter_builder(node_type, fn)` | Plugs into `FILTER_BUILDERS` for `event_waiter.build_filter()` |
 | Trigger pre-execution check | `services.event_waiter.register_trigger_precheck(node_type, async_fn)` | Generic `triggers.py` handler runs `run_trigger_precheck` before entering the wait loop |
 | Service-status refresh on WS connect | `services.status_broadcaster.register_service_refresh(async_callback)` | Callback runs once per `_refresh_all_services` cycle |
 | Output schema | `services.node_output_schemas.register_output_schema(node_type, ModelClass)` | Avoids declaring a duplicate `Output` class in the central schema file |
 
-All five are idempotent (same callable / class for the same key is a
+All six are idempotent (same callable / class for the same key is a
 no-op; conflicts raise `ValueError`).
 
+### Credential validation (Wave 11.I)
+
+The credential-validator dispatch is a sibling concern, handled by the
+existing `services/plugin/credential.py:Credential` base class. Your
+`Credential` subclass overrides `_probe(api_key) -> ProbeResult` (or,
+in rare cases like local-LLM 2-storage, the whole `validate(data)
+-> dict` classmethod). Maps, Apify, all 9 cloud LLM providers, and
+both local-LLM providers (Ollama / LM Studio) all dispatch through the
+same scaffold — no `_SPECIAL_PROVIDER_VALIDATORS` dict in
+`routers/websocket.py`.
+
 ### When NOT to use this shape
 
 Don't create `_service.py` / `_handlers.py` siblings unless the plugin
@@ -284,8 +296,11 @@ Full reference: [docs-internal/plugin_system.md → "Self-contained plugin folde
 - **Don't edit `server/nodes/__init__.py`** — it's a pure auto-discovery
   walker. Adding a new folder doesn't need edits either; `pkgutil` finds
   subpackages automatically.
-- **Don't instantiate services directly.** Use
-  `from core.container import container; svc = container.X()`.
+- **Don't instantiate services directly.** Use the canonical lazy
+  helpers in `services.plugin.deps`:
+  `from services.plugin.deps import get_auth_service, get_database, get_cache, get_ai_service, get_text_service, get_maps_service, get_android_service`.
+  These resolve the singleton from the DI container at call time
+  (test monkeypatching depends on call-time lookup — never memoise).
 - **Don't call `auth_service.get_api_key(...)` from plugins.** Declare
   a `Credential` subclass; the `Connection` facade / service layer
   resolves tokens.
@@ -314,6 +329,18 @@ Full reference: [docs-internal/plugin_system.md → "Self-contained plugin folde
   subclasses and auto-inject at execution time. Plugins that need the
   injected key read `ctx.raw["_raw_parameters"]["api_key"]` — it's
   stashed before Pydantic validation strips it.
+- **`isConfigNode` is auto-derived — don't declare it.** Plugins
+  whose `group` tuple contains `"memory"` or `"tool"` automatically
+  export `uiHints.isConfigNode: True` (set by `_derive_auto_ui_hints`
+  in `services/plugin/base.py`). The flag tells the frontend that the
+  node's parameter panel inherits its parent's main inputs instead
+  of showing direct upstream connections. If you genuinely want to
+  opt out, declare `ui_hints = {"isConfigNode": False}` — explicit
+  always wins via `dict.update`. Adding a new auto-derivation rule
+  goes in `_derive_auto_ui_hints`, not in individual plugins; new
+  uiHint flags must also be added to `INodeUIHints` in
+  `client/src/types/INodeProperties.ts` and to the `known` set in
+  `server/tests/test_node_spec.py::test_ui_hints_only_carry_known_flags`.
 
 ---
 

package/server/nodes/agent/_inline.py

@@ -152,3 +152,5 @@ async def prepare_agent_call(
         "context": context,
         "database": database,
     }
+
+

package/server/nodes/agent/_specialized.py

@@ -38,6 +38,9 @@ class SpecializedAgentParams(BaseModel):
     provider: Literal[
         "openai", "anthropic", "gemini", "openrouter",
         "groq", "cerebras", "deepseek", "kimi", "mistral",
+        # Local-server providers — see ai_agent.Params for the proxy_url
+        # rationale. Same fix; same reason.
+        "ollama", "lmstudio",
     ] = "openai"
     model: str = Field(
         default="", json_schema_extra={"placeholder": "Select a model..."},
@@ -107,12 +110,12 @@ class SpecializedAgentBase(ActionNode, abstract=True):
         pre-dispatch flow. Team-lead teammate injection happens inside
         ``prepare_agent_call`` based on ``self.type``.
         """
-        from core.container import container
+        from services.plugin.deps import get_ai_service, get_database
 
         from ._inline import prepare_agent_call
 
-        ai_service = container.ai_service()
-        database = container.database()
+        ai_service = get_ai_service()
+        database = get_database()
         kwargs = await prepare_agent_call(
             node_id=ctx.node_id, node_type=self.type,
             parameters=params.model_dump(),