mod8-cli 0.2.0

package/dist/commands/config.js

@@ -0,0 +1,29 @@
+import chalk from 'chalk';
+import { getConfig, updateConfig, CONFIG_FILE_PATH } from '../storage/config.js';
+import { KNOWN_PROVIDERS } from '../providers/registry.js';
+import { isKnownOrConfigured } from '../storage/providers.js';
+export async function configGet() {
+    const config = await getConfig();
+    const defaultStr = config.default ?? 'anthropic';
+    const defaultSource = config.default ? 'configured' : 'fallback';
+    const consentStr = config.allConsent ? 'given' : 'not yet (first --all will prompt)';
+    console.log();
+    console.log(`  default:  ${chalk.bold(defaultStr)} ${chalk.dim(`(${defaultSource})`)}`);
+    console.log(`  consent:  ${chalk.dim(consentStr)}`);
+    console.log();
+    console.log(chalk.dim(`Stored at ${CONFIG_FILE_PATH}`));
+}
+export async function configSet(key, value) {
+    if (key !== 'default') {
+        console.error(chalk.red(`Unknown config key '${key}'.`) + ' Available keys: default.');
+        process.exit(1);
+    }
+    if (!(await isKnownOrConfigured(value))) {
+        const known = KNOWN_PROVIDERS.map((p) => p.id).join(', ');
+        console.error(chalk.red(`Unknown provider '${value}'.`) +
+            ` Built-in: ${known}.\n  Or configure a custom one first: mod8 add-provider`);
+        process.exit(1);
+    }
+    await updateConfig({ default: value });
+    console.log(chalk.green('✓') + ` Default provider set to ${value}`);
+}

package/dist/commands/devAuthStatus.js

@@ -0,0 +1,34 @@
+/**
+ * `mod8 dev:auth-status` — print the resolved routing decision the CLI
+ * would make right now: which auth.json (if any) is loaded + which
+ * provider ids would route through the proxy.
+ *
+ * Pure (no network).  Used by the login behavioral spec to verify the
+ * auth.json round-trip + provider-routing predicate without spinning up
+ * the proxy.
+ */
+import { readAuth, AUTH_FILE_PATH } from '../storage/auth.js';
+import { toProxyProviderId } from '../providers/proxy.js';
+const PROBE_IDS = ['anthropic', 'openai', 'google', 'deepseek', 'mistral', 'custom-foo'];
+export async function devAuthStatus() {
+    const auth = await readAuth();
+    process.stdout.write(`authFile=${AUTH_FILE_PATH}\n`);
+    if (!auth) {
+        process.stdout.write('authed=false\n');
+        process.stdout.write('mode=local\n');
+        return;
+    }
+    // Mask the key — never echo a full secret, same rule as the rest of the CLI.
+    const masked = auth.mod8Key.length > 16
+        ? auth.mod8Key.slice(0, 12) + '…' + auth.mod8Key.slice(-4)
+        : auth.mod8Key.slice(0, 12) + '…';
+    process.stdout.write('authed=true\n');
+    process.stdout.write('mode=proxy\n');
+    process.stdout.write(`email=${auth.email ?? '-'}\n`);
+    process.stdout.write(`proxyUrl=${auth.proxyUrl}\n`);
+    process.stdout.write(`keyMasked=${masked}\n`);
+    for (const id of PROBE_IDS) {
+        const proxied = toProxyProviderId(id) !== null;
+        process.stdout.write(`route id=${id} proxy=${proxied}\n`);
+    }
+}

package/dist/commands/devHostAsk.js

@@ -0,0 +1,51 @@
+/**
+ * `mod8 dev:host-ask <prompt>` — non-interactive endpoint that runs a single
+ * turn through the host (mod8) system prompt with the user's currently-
+ * configured providers injected.  Hidden from --help; it exists primarily so
+ * `mod8 verify` can assert on real LLM responses to meta questions.
+ *
+ * Useful from the shell too: a quick meta query without entering the REPL.
+ */
+import chalk from 'chalk';
+import { streamProviderChat } from '../providers/genericChat.js';
+import { readHostContext, buildHostSystem } from '../providers/hostSystem.js';
+import { classifyError } from '../util/errors.js';
+import { formatStats } from './prompt.js';
+const HOST_PROVIDER_ID = 'anthropic';
+export async function devHostAsk(prompt) {
+    const ctx = await readHostContext();
+    const system = buildHostSystem(ctx);
+    let usage;
+    let lastChar = '';
+    try {
+        for await (const event of streamProviderChat({
+            providerId: HOST_PROVIDER_ID,
+            system,
+            messages: [{ role: 'user', content: prompt }],
+        })) {
+            if (event.type === 'text') {
+                // Strip handoff tokens so they don't leak into stdout.
+                const cleaned = event.delta.replace(/<SWITCH_TO_(WORK|HOST)>/gi, '');
+                if (cleaned) {
+                    process.stdout.write(cleaned);
+                    lastChar = cleaned[cleaned.length - 1] ?? '';
+                }
+            }
+            else if (event.type === 'done') {
+                usage = event.usage;
+            }
+        }
+    }
+    catch (err) {
+        if (lastChar !== '\n' && lastChar !== '')
+            process.stdout.write('\n');
+        console.error(chalk.red('mod8: ') + classifyError(err, HOST_PROVIDER_ID));
+        process.exit(1);
+    }
+    if (lastChar !== '\n')
+        process.stdout.write('\n');
+    if (usage) {
+        console.log();
+        console.log(formatStats(usage));
+    }
+}

package/dist/commands/devHostSystem.js

@@ -0,0 +1,15 @@
+/**
+ * `mod8 dev:host-system` — print the host system prompt as it would be
+ * assembled RIGHT NOW (with current providers.json state).  No LLM call.
+ *
+ * Behavioral specs use this to verify the host-self-knowledge fix: after a
+ * provider is added mid-session via the inline paste-key flow, the next
+ * host turn rebuilds the system prompt with the new provider visible —
+ * not the stale snapshot taken at chat startup.
+ */
+import { readHostContext, buildHostSystem } from '../providers/hostSystem.js';
+export async function devHostSystem() {
+    const ctx = await readHostContext();
+    process.stdout.write(buildHostSystem(ctx));
+    process.stdout.write('\n');
+}

package/dist/commands/devResolve.js

@@ -0,0 +1,54 @@
+/**
+ * `mod8 dev:resolve <input>` — runs the chat REPL's intent-routing logic on a
+ * single input string and prints the structured result.  Used by behavioral
+ * specs to test synonym handling, switch-back triggers, and routing edge
+ * cases without booting Ink.
+ *
+ * Match priority (mirrors what chat.tsx does in handleSubmit):
+ *   1. parseHostBack         — "/mod8", "back to mod8", "mod8", etc.
+ *   2. parseCompareWithPrompt / isCompareCommand
+ *   3. parseProviderRoute    — "use deepseek", "talk with codex", etc.
+ *
+ * Output format (one line, machine-parseable):
+ *   host-back rest=<json>
+ *   compare payload=<json>
+ *   compare-bare
+ *   route id=<raw> resolved=<id|null> rest=<json>
+ *   none
+ */
+import { parseProviderRoute, parseHostBack, parseBareProviderHint, parseCompareWithPrompt, isCompareCommand, } from './intentRouting.js';
+import { resolveProviderHint, strictResolveProviderHint, } from '../storage/providers.js';
+export async function devResolve(input) {
+    const back = parseHostBack(input);
+    if (back) {
+        process.stdout.write(`host-back rest=${JSON.stringify(back.rest)}\n`);
+        return;
+    }
+    const payload = parseCompareWithPrompt(input);
+    if (payload) {
+        process.stdout.write(`compare payload=${JSON.stringify(payload)}\n`);
+        return;
+    }
+    if (isCompareCommand(input)) {
+        process.stdout.write(`compare-bare\n`);
+        return;
+    }
+    const route = parseProviderRoute(input);
+    if (route) {
+        const resolved = await resolveProviderHint(route.id);
+        process.stdout.write(`route id=${route.id} resolved=${resolved ?? 'null'} rest=${JSON.stringify(route.rest)}\n`);
+        return;
+    }
+    // Bare-name / first-word / greeting matching — same logic as chat.tsx.
+    const bare = parseBareProviderHint(input);
+    if (bare) {
+        const resolved = bare.resolution === 'strict'
+            ? await strictResolveProviderHint(bare.name)
+            : await resolveProviderHint(bare.name);
+        if (resolved) {
+            process.stdout.write(`route id=${bare.name} resolved=${resolved} rest=${JSON.stringify(bare.rest)}\n`);
+            return;
+        }
+    }
+    process.stdout.write(`none\n`);
+}

package/dist/commands/devSimulate.js

@@ -0,0 +1,235 @@
+/**
+ * `mod8 dev:simulate` — read inputs from stdin (one per line) and play them
+ * through the chat REPL's routing state machine.  No LLM calls; no Ink.
+ * Lets behavioral specs verify long sequences of switches behave correctly:
+ *   - banner targets match what would be said
+ *   - workProviderId resets to default on every host transition
+ *   - parseHostBack always wins (user can never get stuck)
+ *   - false positives don't auto-route (no surprise switches)
+ *   - paste-key flow saves to providers.json without ever leaking the key
+ *   - bare-paste auto-detect (no consent first) asks then saves
+ *   - fuzzy match catches typos like "gimini" → google
+ *
+ * Output format (one line per non-empty input):
+ *   step=N input=<json> mode=<host|work> provider=<id> action=<...> rest=<json>
+ *
+ * Inputs are sanitized via sanitizeKeys() BEFORE being printed, so a real
+ * pasted key never lands in stdout/stderr/scrollback.
+ *
+ * Actions: host-back, host-back-noop, route, route-bare, route-greeting,
+ *          send, compare, compare-bare, slash-clear, slash-providers,
+ *          paste-consent, paste-saved, paste-rejected, paste-pending,
+ *          paste-cancelled, fuzzy-route, fuzzy-ask, fuzzy-multi,
+ *          fuzzy-confirmed, fuzzy-cancelled, route-error
+ */
+import { parseProviderRoute, parseHostBack, parseBareProviderHint, parseCompareWithPrompt, isCompareCommand, parsePasteKeyIntent, isPasteConfirmAffirmative, isAffirmative, isNegative, } from './intentRouting.js';
+import { resolveProviderHint, strictResolveProviderHint, resolveConfigured, saveKeyPreservingEntry, fuzzyResolveProviderHint, } from '../storage/providers.js';
+import { findApiKey, sanitizeKeys } from '../util/secrets.js';
+const DEFAULT_WORK = 'anthropic';
+async function persistKey(key, tpl) {
+    await saveKeyPreservingEntry(key, tpl);
+}
+async function tryFuzzyRoute(name, rest, state) {
+    if (name.length < 4)
+        return null;
+    if (isAffirmative(name) || isNegative(name))
+        return null;
+    const fuzzy = await fuzzyResolveProviderHint(name);
+    if (fuzzy.length === 0)
+        return null;
+    if (fuzzy.length > 1) {
+        const ids = fuzzy.map((c) => c.id).join(',');
+        return { action: `fuzzy-multi ids=${ids}`, rest };
+    }
+    const m = fuzzy[0];
+    const askFirst = m.distance === 2 && name.length <= 4;
+    if (askFirst) {
+        state.pendingFuzzy = { id: m.id, rest };
+        return { action: `fuzzy-ask id=${m.id}`, rest };
+    }
+    const entry = await resolveConfigured(m.id);
+    if (!entry) {
+        return { action: `fuzzy-not-configured id=${m.id}`, rest };
+    }
+    state.mode = 'work';
+    state.workProviderId = m.id;
+    return { action: `fuzzy-route id=${m.id} distance=${m.distance}`, rest };
+}
+async function simulateStep(input, state) {
+    const value = input.trim();
+    if (!value)
+        return { action: 'empty', rest: '' };
+    // === STATE HANDLERS (run on RAW because key detection requires it) ====
+    // 1. Awaiting explicit paste-key.
+    if (state.awaitingKey) {
+        state.awaitingKey = false;
+        if (parseHostBack(value)) {
+            // fall through to dispatch below
+        }
+        else {
+            const found = findApiKey(value);
+            if (found) {
+                await persistKey(found.key, found.template);
+                return { action: `paste-saved id=${found.template.id}`, rest: '' };
+            }
+            if (isNegative(value)) {
+                return { action: 'paste-cancelled', rest: '' };
+            }
+            return { action: 'paste-rejected', rest: '' };
+        }
+    }
+    // 2. Pending bare-paste confirm.
+    if (state.pendingKey) {
+        const cached = state.pendingKey;
+        state.pendingKey = null;
+        if (isPasteConfirmAffirmative(value)) {
+            await persistKey(cached.rawKey, cached.template);
+            return { action: `paste-saved id=${cached.template.id}`, rest: '' };
+        }
+        if (isNegative(value)) {
+            return { action: 'paste-cancelled', rest: '' };
+        }
+        // Otherwise cancel + fall through — emit an explicit signal so specs
+        // can verify the cancellation, then continue dispatching this turn.
+    }
+    // 3. Pending fuzzy confirm.
+    if (state.pendingFuzzy) {
+        const cached = state.pendingFuzzy;
+        state.pendingFuzzy = null;
+        if (isAffirmative(value)) {
+            const entry = await resolveConfigured(cached.id);
+            if (entry) {
+                state.mode = 'work';
+                state.workProviderId = cached.id;
+                return { action: `fuzzy-confirmed id=${cached.id}`, rest: cached.rest };
+            }
+            return { action: `fuzzy-not-configured id=${cached.id}`, rest: '' };
+        }
+        if (isNegative(value)) {
+            return { action: 'fuzzy-cancelled', rest: '' };
+        }
+        // Otherwise fall through to normal dispatch.
+    }
+    // === BARE-PASTE AUTO-DETECT (host mode, raw input) ====================
+    if (state.mode === 'host') {
+        const found = findApiKey(value);
+        if (found) {
+            state.pendingKey = { rawKey: found.key, template: found.template };
+            return { action: `paste-pending id=${found.template.id}`, rest: '' };
+        }
+    }
+    // Slash commands first
+    if (value === '/exit' || value === '/quit')
+        return { action: 'slash-exit', rest: '' };
+    if (value === '/clear')
+        return { action: 'slash-clear', rest: '' };
+    if (value === '/providers')
+        return { action: 'slash-providers', rest: '' };
+    // Compare
+    if (isCompareCommand(value))
+        return { action: 'compare-bare', rest: '' };
+    const compare = parseCompareWithPrompt(value);
+    if (compare)
+        return { action: 'compare', rest: compare };
+    // parseHostBack always wins.
+    const back = parseHostBack(value);
+    if (back) {
+        if (state.mode === 'work') {
+            state.mode = 'host';
+            state.workProviderId = DEFAULT_WORK;
+            return { action: 'host-back', rest: back.rest };
+        }
+        return { action: 'host-back-noop', rest: back.rest };
+    }
+    // Paste-key intent — runs BEFORE provider routing because phrases like
+    // "add a key" don't look like routing but should never be sent to the LLM.
+    // Only host mode triggers the consent flow.
+    const paste = parsePasteKeyIntent(value);
+    if (paste && state.mode === 'host') {
+        if (paste.providerHint) {
+            const resolved = await resolveProviderHint(paste.providerHint);
+            if (resolved) {
+                state.awaitingKey = true;
+                return { action: `paste-consent target=${resolved}`, rest: '' };
+            }
+            // Trailing word wasn't a provider — fall through to LLM.
+        }
+        else if (paste.pronounRef) {
+            // Bare pronoun ("save this") with no pendingKey — ambiguous, fall
+            // through.  In real chat this only triggers from inside the
+            // pendingKey state (handled above), so reaching here means the user
+            // typed it cold.
+        }
+        else {
+            state.awaitingKey = true;
+            return { action: 'paste-consent', rest: '' };
+        }
+    }
+    // Verb-based routing
+    const route = parseProviderRoute(value);
+    if (route) {
+        const exact = await resolveProviderHint(route.id);
+        if (!exact) {
+            const fuzzed = await tryFuzzyRoute(route.id, route.rest, state);
+            if (fuzzed)
+                return fuzzed;
+            return { action: `route-error unknown=${route.id}`, rest: route.rest };
+        }
+        const entry = await resolveConfigured(exact);
+        if (!entry) {
+            return { action: `route-error not-configured=${exact}`, rest: route.rest };
+        }
+        state.mode = 'work';
+        state.workProviderId = exact;
+        return { action: 'route', rest: route.rest };
+    }
+    // Bare-name / first-word / greeting matching
+    const bare = parseBareProviderHint(value);
+    if (bare) {
+        const resolved = bare.resolution === 'strict'
+            ? await strictResolveProviderHint(bare.name)
+            : await resolveProviderHint(bare.name);
+        if (resolved) {
+            const entry = await resolveConfigured(resolved);
+            if (entry) {
+                state.mode = 'work';
+                state.workProviderId = resolved;
+                const action = bare.resolution === 'full' ? 'route-greeting' : 'route-bare';
+                return { action, rest: bare.rest };
+            }
+            return { action: `route-error not-configured=${resolved}`, rest: bare.rest };
+        }
+        // Exact failed — try fuzzy before falling through.
+        const fuzzed = await tryFuzzyRoute(bare.name, bare.rest, state);
+        if (fuzzed)
+            return fuzzed;
+        // Fall through.
+    }
+    return { action: 'send', rest: value };
+}
+export async function devSimulate() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(chunk);
+    }
+    const text = Buffer.concat(chunks).toString('utf8');
+    const lines = text.split('\n').map((l) => l.replace(/\r$/, ''));
+    const state = {
+        mode: 'host',
+        workProviderId: DEFAULT_WORK,
+        awaitingKey: false,
+        pendingKey: null,
+        pendingFuzzy: null,
+    };
+    let stepNum = 0;
+    for (const raw of lines) {
+        if (raw.length === 0)
+            continue;
+        stepNum += 1;
+        const result = await simulateStep(raw, state);
+        const provider = state.mode === 'work' ? state.workProviderId : 'host';
+        const safeInput = sanitizeKeys(raw);
+        const safeRest = sanitizeKeys(result.rest);
+        process.stdout.write(`step=${stepNum} input=${JSON.stringify(safeInput)} mode=${state.mode} provider=${provider} action=${result.action} rest=${JSON.stringify(safeRest)}\n`);
+    }
+}

package/dist/commands/devWorkAsk.js

@@ -0,0 +1,55 @@
+/**
+ * `mod8 dev:work-ask <providerId> <prompt>` — non-interactive endpoint that
+ * runs a single turn through the WORK-mode system prompt for a given
+ * configured provider.  Powers behavioral tests for work-mode character
+ * (does codex stay in character? does it impersonate mod8?).
+ */
+import chalk from 'chalk';
+import { streamProviderChat } from '../providers/genericChat.js';
+import { resolveConfigured } from '../storage/providers.js';
+import { buildWorkSystem } from '../providers/workSystem.js';
+import { workerNameFor } from '../providers/displayName.js';
+import { classifyError } from '../util/errors.js';
+import { formatStats } from './prompt.js';
+export async function devWorkAsk(providerId, prompt) {
+    const entry = await resolveConfigured(providerId);
+    if (!entry) {
+        console.error(chalk.red('mod8: ') +
+            `provider "${providerId}" is not configured. Run mod8 keys set ${providerId} (or mod8 add-provider).`);
+        process.exit(1);
+    }
+    const workerName = workerNameFor(providerId, entry.name);
+    const system = buildWorkSystem(workerName);
+    let usage;
+    let lastChar = '';
+    try {
+        for await (const event of streamProviderChat({
+            providerId,
+            system,
+            messages: [{ role: 'user', content: prompt }],
+        })) {
+            if (event.type === 'text') {
+                const cleaned = event.delta.replace(/<SWITCH_TO_(WORK|HOST)>/gi, '');
+                if (cleaned) {
+                    process.stdout.write(cleaned);
+                    lastChar = cleaned[cleaned.length - 1] ?? '';
+                }
+            }
+            else if (event.type === 'done') {
+                usage = event.usage;
+            }
+        }
+    }
+    catch (err) {
+        if (lastChar !== '\n' && lastChar !== '')
+            process.stdout.write('\n');
+        console.error(chalk.red('mod8: ') + classifyError(err, providerId));
+        process.exit(1);
+    }
+    if (lastChar !== '\n')
+        process.stdout.write('\n');
+    if (usage) {
+        console.log();
+        console.log(formatStats(usage));
+    }
+}