myshell-tools 2.4.0 → 2.7.0

package/dist/core/route.d.ts

@@ -16,13 +16,21 @@ import type { ProviderId } from '../providers/port.js';
  * Algorithm:
  *  1. Walk `policy.providerOrderByTier[tier]` in order.
  *  2. For the first provider that is present in `available`, resolve the
- *     cheapest model for that provider+tier via `getCheapestForTier`.
+ *     cheapest model for that provider+tier via `getCheapestForTier`, further
+ *     restricted to `availableModels[provider]` when that set is non-empty.
  *  3. If none of the policy-preferred providers are available but `available`
  *     is non-empty, fall back to the globally cheapest model for that tier.
  *  4. If `available` is empty, throw — there is nothing to route to.
  *
- * @param tier      - The orchestration tier to route.
- * @param available - Provider IDs that are currently reachable.
- * @param policy    - Active routing policy (from `DEFAULT_POLICY` or overrides).
+ * The `availableModels` parameter is additive/opt-in:
+ *   - When absent or undefined → behaviour is IDENTICAL to today (no change).
+ *   - When a provider's entry is present and non-empty → prefer a model in that
+ *     list; if none match the pricing table, fall back to cheapest-for-tier
+ *     (graceful degradation, never throws, never returns nothing).
+ *
+ * @param tier            - The orchestration tier to route.
+ * @param available       - Provider IDs that are currently reachable.
+ * @param policy          - Active routing policy (from `DEFAULT_POLICY` or overrides).
+ * @param availableModels - Optional per-provider advertised model sets from detection.
  */
-export declare function route(tier: Tier, available: ProviderId[], policy: Policy): RouteDecision;
+export declare function route(tier: Tier, available: ProviderId[], policy: Policy, availableModels?: Partial<Record<ProviderId, readonly string[]>>): RouteDecision;

package/dist/core/route.js

@@ -15,16 +15,24 @@ import { getCheapestForTier } from '../infra/pricing.js';
  * Algorithm:
  *  1. Walk `policy.providerOrderByTier[tier]` in order.
  *  2. For the first provider that is present in `available`, resolve the
- *     cheapest model for that provider+tier via `getCheapestForTier`.
+ *     cheapest model for that provider+tier via `getCheapestForTier`, further
+ *     restricted to `availableModels[provider]` when that set is non-empty.
  *  3. If none of the policy-preferred providers are available but `available`
  *     is non-empty, fall back to the globally cheapest model for that tier.
  *  4. If `available` is empty, throw — there is nothing to route to.
  *
- * @param tier      - The orchestration tier to route.
- * @param available - Provider IDs that are currently reachable.
- * @param policy    - Active routing policy (from `DEFAULT_POLICY` or overrides).
+ * The `availableModels` parameter is additive/opt-in:
+ *   - When absent or undefined → behaviour is IDENTICAL to today (no change).
+ *   - When a provider's entry is present and non-empty → prefer a model in that
+ *     list; if none match the pricing table, fall back to cheapest-for-tier
+ *     (graceful degradation, never throws, never returns nothing).
+ *
+ * @param tier            - The orchestration tier to route.
+ * @param available       - Provider IDs that are currently reachable.
+ * @param policy          - Active routing policy (from `DEFAULT_POLICY` or overrides).
+ * @param availableModels - Optional per-provider advertised model sets from detection.
  */
-export function route(tier, available, policy) {
+export function route(tier, available, policy, availableModels) {
     if (available.length === 0) {
         throw new Error(`route: no providers available for tier "${tier}" — start at least one provider`);
     }
@@ -32,7 +40,13 @@ export function route(tier, available, policy) {
     // Walk the preferred order and pick the first available provider.
     for (const preferred of preferredOrder) {
         if (available.includes(preferred)) {
-            const pricing = getCheapestForTier(tier, [preferred]);
+            // When advertised models are supplied for this provider, pass them as
+            // the allowed-model filter so we prefer a model the CLI actually has.
+            const providerAllowed = availableModels?.[preferred];
+            const allowedSet = providerAllowed !== undefined && providerAllowed.length > 0
+                ? providerAllowed
+                : undefined;
+            const pricing = getCheapestForTier(tier, [preferred], allowedSet);
             return {
                 tier,
                 provider: preferred,

package/dist/core/route.js.map

@@ -1 +1 @@
-{"version":3,"file":"route.js","sourceRoot":"","sources":["../../src/core/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,KAAK,CACnB,IAAU,EACV,SAAuB,EACvB,MAAc;IAEd,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,2CAA2C,IAAI,iCAAiC,CACjF,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAExD,kEAAkE;IAClE,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YACtD,OAAO;gBACL,IAAI;gBACJ,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,QAAQ,CAAC,QAAsB;QACzC,KAAK,EAAE,QAAQ,CAAC,KAAK;KACtB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"route.js","sourceRoot":"","sources":["../../src/core/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,KAAK,CACnB,IAAU,EACV,SAAuB,EACvB,MAAc,EACd,eAAgE;IAEhE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,2CAA2C,IAAI,iCAAiC,CACjF,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAExD,kEAAkE;IAClE,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,sEAAsE;YACtE,sEAAsE;YACtE,MAAM,eAAe,GAAG,eAAe,EAAE,CAAC,SAAS,CAAC,CAAC;YACrD,MAAM,UAAU,GACd,eAAe,KAAK,SAAS,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;gBACzD,CAAC,CAAC,eAAe;gBACjB,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO;gBACL,IAAI;gBACJ,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,QAAQ,CAAC,QAAsB;QACzC,KAAK,EAAE,QAAQ,CAAC,KAAK;KACtB,CAAC;AACJ,CAAC"}

package/dist/core/types.d.ts

@@ -85,6 +85,25 @@ export interface Policy {
     readonly escalateBelowConfidence: Record<Risk, number>;
     /** Ordered provider preference per tier; route() honours availability. */
     readonly providerOrderByTier: Record<Tier, readonly ProviderId[]>;
+    /**
+     * Controls when cross-vendor review runs automatically.
+     *
+     * - `'auto'`          : review when risk is high/critical OR the model sets needsReview
+     *                       (current default behaviour).
+     * - `'critical-only'` : review only when risk is `critical` (or needsReview AND critical).
+     * - `'off'`           : never trigger an automatic cross-vendor review.
+     *
+     * Omitting the field is equivalent to `'auto'` (backward-compatible).
+     */
+    readonly reviewPolicy?: 'auto' | 'critical-only' | 'off';
+    /**
+     * Per-task cost budget cap in USD.  When `totalCostUsd` reaches or exceeds
+     * this value, orchestrate() stops spending (no new escalation, no new review)
+     * and accepts the best result produced so far.
+     *
+     * `null` or `undefined` (the default) means no cap is applied.
+     */
+    readonly maxCostUsd?: number | null;
 }
 export interface OrchestrateDeps {
     /** Available providers, keyed by id. Absent key = provider unavailable. */
@@ -96,6 +115,24 @@ export interface OrchestrateDeps {
     readonly cwd: string;
     readonly sandbox: SandboxLevel;
     readonly timeoutMs: number;
+    /**
+     * Prior conversation history for context continuity. When provided, the most
+     * recent turns are compacted and injected into the first provider prompt so
+     * stateless one-shot providers (claude -p / codex exec) have multi-turn
+     * awareness. Leave undefined for fresh (one-shot) sessions.
+     */
+    readonly history?: readonly SessionEntry[];
+    /**
+     * Advertised model lists from provider detection, keyed by provider id.
+     * When supplied, route() restricts candidates to models that the provider CLI
+     * actually advertises, preventing the CLI from routing to a model it cannot run.
+     *
+     * Absence (undefined) or an empty list for a provider → fall back to the
+     * standard cheapest-for-tier pricing-table behaviour (backward-compatible).
+     *
+     * Only include providers that are installed; exactOptionalPropertyTypes is ON.
+     */
+    readonly availableModels?: Partial<Record<ProviderId, readonly string[]>>;
 }
 /**
  * High-level events emitted by orchestrate(). The interface/render layer

package/dist/infra/credentials.d.ts

@@ -0,0 +1,58 @@
+/**
+ * src/infra/credentials.ts — Persisted credential store for myshell-tools.
+ *
+ * Stores a small JSON file at <homeDir>/.myshell-tools/credentials.json with
+ * shape `{ claudeOauthToken?: string }` so the Claude OAuth token captured
+ * during `myshell-tools login claude --code` is available across restarts.
+ *
+ * On startup, `applyStoredCredentials` injects the token into `process.env` so
+ * that both the provider detection (`claude auth status`) and the spawned
+ * `claude -p …` child process see it via the inherited environment.
+ *
+ * Security: the file is written with mode 0o600 (owner-read-only) on POSIX
+ * systems. The chmod is best-effort — a failure is silently ignored so the
+ * function never throws on Windows or unusual filesystems.
+ */
+export interface Credentials {
+    claudeOauthToken?: string;
+}
+/**
+ * Load stored credentials. Never throws — missing or corrupt files return `{}`.
+ */
+export declare function loadCredentials(homeDir?: string): Promise<Credentials>;
+/**
+ * Persist the Claude OAuth token atomically to
+ * `~/.myshell-tools/credentials.json` with restrictive permissions (0o600).
+ */
+export declare function saveClaudeToken(token: string, homeDir?: string): Promise<void>;
+/**
+ * Remove the stored Claude OAuth token. Writes the file back without the
+ * token key so any future credential fields are preserved.
+ * Never throws.
+ */
+export declare function clearClaudeToken(homeDir?: string): Promise<void>;
+/**
+ * Inject a previously-saved Claude OAuth token into `env` if:
+ *   1. A token is stored in `~/.myshell-tools/credentials.json`, AND
+ *   2. `env.CLAUDE_CODE_OAUTH_TOKEN` is not already set (user's explicit env wins).
+ *
+ * Called once at the very top of `main()` so every code path — detection,
+ * spawned `claude -p …`, and the menu — sees the token without the user
+ * needing to export it manually.
+ *
+ * Never throws.
+ */
+export declare function applyStoredCredentials(env: NodeJS.ProcessEnv, homeDir?: string): Promise<void>;
+/**
+ * Extract the first Claude long-lived OAuth token from `text`.
+ *
+ * Token format: `sk-ant-oat` followed by optional digits/lowercase-letters,
+ * then a dash, then one or more Base64url characters (`[A-Za-z0-9_-]+`).
+ *
+ * Returns `null` when no token is found. Never throws.
+ *
+ * @example
+ *   extractClaudeToken('Token: sk-ant-oat01-abc-XYZ123') // → 'sk-ant-oat01-abc-XYZ123'
+ *   extractClaudeToken('no token here')                   // → null
+ */
+export declare function extractClaudeToken(text: string): string | null;

package/dist/infra/credentials.js

@@ -0,0 +1,172 @@
+/**
+ * src/infra/credentials.ts — Persisted credential store for myshell-tools.
+ *
+ * Stores a small JSON file at <homeDir>/.myshell-tools/credentials.json with
+ * shape `{ claudeOauthToken?: string }` so the Claude OAuth token captured
+ * during `myshell-tools login claude --code` is available across restarts.
+ *
+ * On startup, `applyStoredCredentials` injects the token into `process.env` so
+ * that both the provider detection (`claude auth status`) and the spawned
+ * `claude -p …` child process see it via the inherited environment.
+ *
+ * Security: the file is written with mode 0o600 (owner-read-only) on POSIX
+ * systems. The chmod is best-effort — a failure is silently ignored so the
+ * function never throws on Windows or unusual filesystems.
+ */
+import { mkdir, readFile, chmod } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { atomicWrite } from './atomic.js';
+// ---------------------------------------------------------------------------
+// Path helpers (pure)
+// ---------------------------------------------------------------------------
+function getCredentialsDir(home) {
+    return join(home, '.myshell-tools');
+}
+function getCredentialsPath(home) {
+    return join(getCredentialsDir(home), 'credentials.json');
+}
+// ---------------------------------------------------------------------------
+// Internal parse helper
+// ---------------------------------------------------------------------------
+/**
+ * Parse credentials from raw JSON text. Returns `{}` on any error so callers
+ * never need to handle thrown exceptions from the load path.
+ */
+function parseCredentials(raw) {
+    try {
+        const parsed = JSON.parse(raw);
+        if (typeof parsed !== 'object' || parsed === null) {
+            return {};
+        }
+        const obj = parsed;
+        const result = {};
+        if (typeof obj['claudeOauthToken'] === 'string' && obj['claudeOauthToken'].length > 0) {
+            result.claudeOauthToken = obj['claudeOauthToken'];
+        }
+        return result;
+    }
+    catch {
+        return {};
+    }
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Load stored credentials. Never throws — missing or corrupt files return `{}`.
+ */
+export async function loadCredentials(homeDir) {
+    const home = homeDir ?? homedir();
+    try {
+        const raw = await readFile(getCredentialsPath(home), 'utf8');
+        return parseCredentials(raw);
+    }
+    catch {
+        return {};
+    }
+}
+/**
+ * Persist the Claude OAuth token atomically to
+ * `~/.myshell-tools/credentials.json` with restrictive permissions (0o600).
+ */
+export async function saveClaudeToken(token, homeDir) {
+    const home = homeDir ?? homedir();
+    const dir = getCredentialsDir(home);
+    const path = getCredentialsPath(home);
+    await mkdir(dir, { recursive: true });
+    // Load existing credentials so we only replace the token key, preserving others.
+    const existing = await loadCredentials(homeDir);
+    const updated = { ...existing, claudeOauthToken: token };
+    // atomicWrite uses rename — ensures no partial writes on crash.
+    await atomicWrite(path, JSON.stringify(updated, null, 2));
+    // Best-effort: restrict to owner-read-only. Silently ignored on Windows or
+    // unusual filesystems where chmod is unavailable or unsupported.
+    try {
+        await chmod(path, 0o600);
+    }
+    catch {
+        // Cross-platform best-effort only — never throws
+    }
+}
+/**
+ * Remove the stored Claude OAuth token. Writes the file back without the
+ * token key so any future credential fields are preserved.
+ * Never throws.
+ */
+export async function clearClaudeToken(homeDir) {
+    try {
+        const home = homeDir ?? homedir();
+        const dir = getCredentialsDir(home);
+        const path = getCredentialsPath(home);
+        await mkdir(dir, { recursive: true });
+        // Load the raw file to preserve unknown future keys.
+        let rawObj = {};
+        try {
+            const raw = await readFile(path, 'utf8');
+            const parsed = JSON.parse(raw);
+            if (typeof parsed === 'object' && parsed !== null) {
+                rawObj = parsed;
+            }
+        }
+        catch {
+            // Missing or corrupt file — start from empty
+        }
+        delete rawObj['claudeOauthToken'];
+        await atomicWrite(path, JSON.stringify(rawObj, null, 2));
+    }
+    catch {
+        // Never throws — clear is best-effort
+    }
+}
+/**
+ * Inject a previously-saved Claude OAuth token into `env` if:
+ *   1. A token is stored in `~/.myshell-tools/credentials.json`, AND
+ *   2. `env.CLAUDE_CODE_OAUTH_TOKEN` is not already set (user's explicit env wins).
+ *
+ * Called once at the very top of `main()` so every code path — detection,
+ * spawned `claude -p …`, and the menu — sees the token without the user
+ * needing to export it manually.
+ *
+ * Never throws.
+ */
+export async function applyStoredCredentials(env, homeDir) {
+    try {
+        // Never overwrite an explicitly-set env var — user's env wins.
+        if (env['CLAUDE_CODE_OAUTH_TOKEN'] !== undefined) {
+            return;
+        }
+        const creds = await loadCredentials(homeDir);
+        if (creds.claudeOauthToken !== undefined) {
+            env['CLAUDE_CODE_OAUTH_TOKEN'] = creds.claudeOauthToken;
+        }
+    }
+    catch {
+        // Never throws — startup injection is best-effort
+    }
+}
+// ---------------------------------------------------------------------------
+// Pure token extraction helper
+// ---------------------------------------------------------------------------
+/**
+ * Extract the first Claude long-lived OAuth token from `text`.
+ *
+ * Token format: `sk-ant-oat` followed by optional digits/lowercase-letters,
+ * then a dash, then one or more Base64url characters (`[A-Za-z0-9_-]+`).
+ *
+ * Returns `null` when no token is found. Never throws.
+ *
+ * @example
+ *   extractClaudeToken('Token: sk-ant-oat01-abc-XYZ123') // → 'sk-ant-oat01-abc-XYZ123'
+ *   extractClaudeToken('no token here')                   // → null
+ */
+export function extractClaudeToken(text) {
+    try {
+        const match = text.match(/sk-ant-oat[0-9a-z]*-[A-Za-z0-9_-]+/);
+        return match !== null && match[0] !== undefined ? match[0] : null;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=credentials.js.map

package/dist/infra/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../src/infra/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAU1C,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;QAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,MAAM,MAAM,GAAgB,EAAE,CAAC;QAC/B,IAAI,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtF,MAAM,CAAC,gBAAgB,GAAG,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAgB;IACpD,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;QAC7D,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa,EAAE,OAAgB;IACnE,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;IAClC,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAEtC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtC,iFAAiF;IACjF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAChD,MAAM,OAAO,GAAgB,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IAEtE,gEAAgE;IAChE,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAE1D,2EAA2E;IAC3E,iEAAiE;IACjE,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEtC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtC,qDAAqD;QACrD,IAAI,MAAM,GAA4B,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;YAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBAClD,MAAM,GAAG,MAAiC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6CAA6C;QAC/C,CAAC;QAED,OAAO,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAClC,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;IACxC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,GAAsB,EACtB,OAAgB;IAEhB,IAAI,CAAC;QACH,+DAA+D;QAC/D,IAAI,GAAG,CAAC,yBAAyB,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACzC,GAAG,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,gBAAgB,CAAC;QAC1D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,+BAA+B;AAC/B,8EAA8E;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC/D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/infra/pricing.d.ts

@@ -10,7 +10,7 @@
  * Captured        : 2026-05-29
  */
 export interface ModelPricing {
-    readonly provider: 'claude' | 'codex';
+    readonly provider: 'claude' | 'codex' | 'opencode';
     readonly model: string;
     readonly aliases: readonly string[];
     readonly tier: 'worker' | 'ic' | 'manager';
@@ -35,11 +35,24 @@ export declare function getModelPricing(provider: string, model: string): ModelP
 export declare function calculateCost(inputTokens: number, outputTokens: number, pricing: ModelPricing): number;
 /**
  * Return the cheapest model (lowest inputPer1M) for a given tier,
- * optionally restricted to the supplied provider IDs.
+ * optionally restricted to the supplied provider IDs and/or an allowed-model set.
  *
- * Throws if no matching model exists.
+ * When `allowedModels` is supplied and non-empty for the relevant provider(s),
+ * only models whose `model` id or any alias appears in `allowedModels` are
+ * considered. The match is case-insensitive (mirrors getModelPricing behaviour).
+ * If no candidates survive the allowed-model filter, the filter is ignored and
+ * the full provider-scoped set is used (graceful degradation — never throws due
+ * to a missing advertised model).
+ *
+ * Throws if no matching model exists (no tier entries at all, or no entries for
+ * the given providers).
+ *
+ * @param tier              - Orchestration tier to select for.
+ * @param availableProviders - Restrict to these provider IDs when supplied.
+ * @param allowedModels     - Further restrict to models advertised by the CLI.
+ *                            The set contains model IDs and/or aliases (any case).
  */
-export declare function getCheapestForTier(tier: 'worker' | 'ic' | 'manager', availableProviders?: string[]): ModelPricing;
+export declare function getCheapestForTier(tier: 'worker' | 'ic' | 'manager', availableProviders?: string[], allowedModels?: readonly string[]): ModelPricing;
 /**
  * Returns true when the pricing table is older than maxAgeDays (default 90).
  * Useful for emitting a staleness warning at runtime.

package/dist/infra/pricing.js

@@ -17,6 +17,7 @@ export const PRICING_TABLE = {
     sourceUrls: [
         'https://www.anthropic.com/pricing',
         'https://platform.openai.com/docs/pricing',
+        'https://opencode.ai/docs',
     ],
     models: [
         // ---- Anthropic / Claude ------------------------------------------------
@@ -93,6 +94,48 @@ export const PRICING_TABLE = {
             outputPer1M: 14,
             contextWindow: 128_000,
         },
+        // ---- opencode ----------------------------------------------------------
+        // opencode ships free models whose real cost is reported at runtime via the
+        // step_finish `cost` field in JSONL output (see opencode.ts). The zero-cost
+        // entries below exist solely for model SELECTION by getCheapestForTier/route
+        // when opencode is the only available provider. They must NOT displace
+        // claude/codex in the pricing sort when those providers are also available,
+        // because opencode's cost=0 entries would always win. The route() function
+        // respects providerOrderByTier (opencode last) before falling back to the
+        // pricing table, so this zero-cost sentinel is safe.
+        {
+            provider: 'opencode',
+            model: 'opencode/mimo-v2.5-free',
+            aliases: ['mimo-v2.5-free', 'opencode-worker'],
+            tier: 'worker',
+            // Real cost is reported at runtime by opencode's step_finish event.
+            // Zero here is a placeholder for model selection only — not for billing.
+            inputPer1M: 0,
+            outputPer1M: 0,
+            contextWindow: 32_000,
+        },
+        {
+            provider: 'opencode',
+            model: 'opencode/deepseek-v4-flash-free',
+            aliases: ['deepseek-v4-flash-free', 'opencode-free'],
+            tier: 'ic',
+            // Real cost is reported at runtime by opencode's step_finish event.
+            // Zero here is a placeholder for model selection only — not for billing.
+            inputPer1M: 0,
+            outputPer1M: 0,
+            contextWindow: 128_000,
+        },
+        {
+            provider: 'opencode',
+            model: 'opencode/big-pickle',
+            aliases: ['big-pickle', 'opencode-manager'],
+            tier: 'manager',
+            // Real cost is reported at runtime by opencode's step_finish event.
+            // Zero here is a placeholder for model selection only — not for billing.
+            inputPer1M: 0,
+            outputPer1M: 0,
+            contextWindow: 128_000,
+        },
     ],
 };
 // ---------------------------------------------------------------------------
@@ -118,11 +161,24 @@ export function calculateCost(inputTokens, outputTokens, pricing) {
 }
 /**
  * Return the cheapest model (lowest inputPer1M) for a given tier,
- * optionally restricted to the supplied provider IDs.
+ * optionally restricted to the supplied provider IDs and/or an allowed-model set.
  *
- * Throws if no matching model exists.
+ * When `allowedModels` is supplied and non-empty for the relevant provider(s),
+ * only models whose `model` id or any alias appears in `allowedModels` are
+ * considered. The match is case-insensitive (mirrors getModelPricing behaviour).
+ * If no candidates survive the allowed-model filter, the filter is ignored and
+ * the full provider-scoped set is used (graceful degradation — never throws due
+ * to a missing advertised model).
+ *
+ * Throws if no matching model exists (no tier entries at all, or no entries for
+ * the given providers).
+ *
+ * @param tier              - Orchestration tier to select for.
+ * @param availableProviders - Restrict to these provider IDs when supplied.
+ * @param allowedModels     - Further restrict to models advertised by the CLI.
+ *                            The set contains model IDs and/or aliases (any case).
  */
-export function getCheapestForTier(tier, availableProviders) {
+export function getCheapestForTier(tier, availableProviders, allowedModels) {
     let candidates = PRICING_TABLE.models.filter((m) => m.tier === tier);
     if (availableProviders && availableProviders.length > 0) {
         candidates = candidates.filter((m) => availableProviders.includes(m.provider));
@@ -131,6 +187,20 @@ export function getCheapestForTier(tier, availableProviders) {
         throw new Error(`No models available for tier "${tier}"` +
             (availableProviders ? ` with providers [${availableProviders.join(', ')}]` : ''));
     }
+    // When an allowed-model set is provided and non-empty, further restrict
+    // candidates to those whose model id or any alias appears in the set.
+    // Case-insensitive to match getModelPricing behaviour.
+    if (allowedModels !== undefined && allowedModels.length > 0) {
+        const allowed = new Set(allowedModels.map((a) => a.toLowerCase()));
+        const filtered = candidates.filter((m) => allowed.has(m.model.toLowerCase()) ||
+            m.aliases.some((a) => allowed.has(a.toLowerCase())));
+        // Graceful degradation: if the filter eliminates all candidates (e.g. the
+        // provider advertised a model not yet in our pricing table), fall back to the
+        // full provider-scoped set — never throw, never return nothing.
+        if (filtered.length > 0) {
+            candidates = filtered;
+        }
+    }
     // Primary sort: inputPer1M ascending; secondary: outputPer1M ascending
     return candidates.reduce((cheapest, m) => m.inputPer1M < cheapest.inputPer1M ||
         (m.inputPer1M === cheapest.inputPer1M && m.outputPer1M < cheapest.outputPer1M)

package/dist/infra/pricing.js.map

@@ -1 +1 @@
-{"version":3,"file":"pricing.js","sourceRoot":"","sources":["../../src/infra/pricing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsBH,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,YAAY;IAClB,UAAU,EAAE;QACV,mCAAmC;QACnC,0CAA0C;KAC3C;IACD,MAAM,EAAE;QACN,2EAA2E;QAC3E;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,iBAAiB,CAAC;YAChD,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,mBAAmB;YAC1B,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,mBAAmB,CAAC;YACtD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kBAAkB;YACzB,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,kBAAkB,CAAC;YACnD,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,OAAO;SACvB;QAED,2EAA2E;QAC3E;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC9B,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC9B,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;YACxC,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,GAAG;YAChB,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;YACxC,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,IAAI;YACjB,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,eAAe,CAAC;YACnD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,KAAa;IAEb,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACnC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAC9B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,QAAQ;QACvB,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM;YAC/B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CACvD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,WAAmB,EACnB,YAAoB,EACpB,OAAqB;IAErB,MAAM,SAAS,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IACjE,MAAM,UAAU,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IACpE,OAAO,SAAS,GAAG,UAAU,CAAC;AAChC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAiC,EACjC,kBAA6B;IAE7B,IAAI,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAErE,IAAI,kBAAkB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CACxC,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,GAAG;YACtC,CAAC,kBAAkB,CAAC,CAAC,CAAC,oBAAoB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACnF,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU;QAClC,CAAC,CAAC,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;QAC5E,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,QAAQ,CACb,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAU,GAAG,EAAE;IAC5C,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,UAAU,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"pricing.js","sourceRoot":"","sources":["../../src/infra/pricing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsBH,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAiB;IACzC,IAAI,EAAE,YAAY;IAClB,UAAU,EAAE;QACV,mCAAmC;QACnC,0CAA0C;QAC1C,0BAA0B;KAC3B;IACD,MAAM,EAAE;QACN,2EAA2E;QAC3E;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,iBAAiB,CAAC;YAChD,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,mBAAmB;YAC1B,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,mBAAmB,CAAC;YACtD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kBAAkB;YACzB,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,kBAAkB,CAAC;YACnD,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,OAAO;SACvB;QAED,2EAA2E;QAC3E;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC9B,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC9B,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;YACxC,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,GAAG;YAChB,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;YACxC,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,IAAI;YACjB,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,eAAe,CAAC;YACnD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,EAAE;YACf,aAAa,EAAE,OAAO;SACvB;QAED,2EAA2E;QAC3E,4EAA4E;QAC5E,4EAA4E;QAC5E,6EAA6E;QAC7E,uEAAuE;QACvE,4EAA4E;QAC5E,2EAA2E;QAC3E,0EAA0E;QAC1E,qDAAqD;QACrD;YACE,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,yBAAyB;YAChC,OAAO,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;YAC9C,IAAI,EAAE,QAAQ;YACd,oEAAoE;YACpE,yEAAyE;YACzE,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,MAAM;SACtB;QACD;YACE,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,iCAAiC;YACxC,OAAO,EAAE,CAAC,wBAAwB,EAAE,eAAe,CAAC;YACpD,IAAI,EAAE,IAAI;YACV,oEAAoE;YACpE,yEAAyE;YACzE,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,OAAO;SACvB;QACD;YACE,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;YAC3C,IAAI,EAAE,SAAS;YACf,oEAAoE;YACpE,yEAAyE;YACzE,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,aAAa,EAAE,OAAO;SACvB;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,KAAa;IAEb,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACnC,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAC9B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,QAAQ;QACvB,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM;YAC/B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CACvD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,WAAmB,EACnB,YAAoB,EACpB,OAAqB;IAErB,MAAM,SAAS,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IACjE,MAAM,UAAU,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IACpE,OAAO,SAAS,GAAG,UAAU,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAiC,EACjC,kBAA6B,EAC7B,aAAiC;IAEjC,IAAI,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAErE,IAAI,kBAAkB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CACxC,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,GAAG;YACtC,CAAC,kBAAkB,CAAC,CAAC,CAAC,oBAAoB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACnF,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,sEAAsE;IACtE,uDAAuD;IACvD,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CACtD,CAAC;QACF,0EAA0E;QAC1E,8EAA8E;QAC9E,gEAAgE;QAChE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU;QAClC,CAAC,CAAC,CAAC,UAAU,KAAK,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;QAC5E,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,QAAQ,CACb,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAU,GAAG,EAAE;IAC5C,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,UAAU,CAAC;AAC/B,CAAC"}

package/dist/interface/menu.d.ts

@@ -22,6 +22,7 @@ import type { SpendSummary } from '../infra/insights.js';
 import type { EnvironmentStatus } from '../providers/detect.js';
 import type { Provider, ProviderId, SandboxLevel } from '../providers/port.js';
 import type { OutputSink } from './render.js';
+import type { LoginMethod } from '../commands/login.js';
 export interface MenuContext {
     readonly version: string;
     readonly clock: Clock;
@@ -41,6 +42,31 @@ export interface MenuContext {
      * Returns the next trimmed line of input, or `null` on EOF/close.
      */
     readonly readLine?: () => Promise<string | null>;
+    /**
+     * Optional injected installProvider for testing. When provided, `startMenu`
+     * uses this instead of the real `installProvider` from providers/install.ts,
+     * preventing real `npm install -g …` subprocesses from spawning during tests.
+     */
+    readonly installProvider?: (id: ProviderId, out: OutputSink) => Promise<boolean>;
+    /**
+     * Optional injected login function for testing. When provided, `startMenu`
+     * uses this instead of the real `runLogin` from commands/login.ts, preventing
+     * real `claude`/`codex login` subprocesses from spawning during tests.
+     *
+     * The third argument mirrors the `opts` parameter of `runLogin` so the menu
+     * can pass the shared `readLine` function for the token-paste prompt.
+     */
+    readonly login?: (out: OutputSink, providerArg?: string, opts?: {
+        method?: LoginMethod;
+        readLine?: () => Promise<string | null>;
+    }) => Promise<number>;
+    /**
+     * Optional injected detectEnvironment for testing. When provided, `startMenu`
+     * uses this instead of the real `detectEnvironment` from providers/detect.ts,
+     * preventing real `claude`/`codex`/`opencode --version` subprocesses from
+     * spawning during tests (e.g. after first-run onboarding or [j]/[k]/[o] login).
+     */
+    readonly detectEnvironment?: () => Promise<EnvironmentStatus>;
 }
 /**
  * Return the shell alias hint the user can add to their shell profile to make