o-switcher 0.1.0

package/dist/plugin.cjs

@@ -0,0 +1,1177 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/plugin.ts
+var plugin_exports = {};
+__export(plugin_exports, {
+  default: () => plugin_default,
+  server: () => server
+});
+module.exports = __toCommonJS(plugin_exports);
+
+// src/config/schema.ts
+var import_zod = require("zod");
+
+// src/config/defaults.ts
+var DEFAULT_RETRY_BUDGET = 3;
+var DEFAULT_FAILOVER_BUDGET = 2;
+var DEFAULT_BACKOFF_BASE_MS = 1e3;
+var DEFAULT_BACKOFF_MULTIPLIER = 2;
+var DEFAULT_BACKOFF_MAX_MS = 3e4;
+var DEFAULT_BACKOFF_JITTER = "full";
+var DEFAULT_ROUTING_WEIGHT_HEALTH = 1;
+var DEFAULT_ROUTING_WEIGHT_LATENCY = 0.5;
+var DEFAULT_ROUTING_WEIGHT_FAILURE = 0.8;
+var DEFAULT_ROUTING_WEIGHT_PRIORITY = 0.3;
+var DEFAULT_MAX_EXPECTED_LATENCY_MS = 3e4;
+var DEFAULT_QUEUE_LIMIT = 100;
+var DEFAULT_GLOBAL_CONCURRENCY_LIMIT = 10;
+var DEFAULT_BACKPRESSURE_THRESHOLD = 50;
+var DEFAULT_CB_FAILURE_THRESHOLD = 5;
+var DEFAULT_CB_FAILURE_RATE_THRESHOLD = 0.5;
+var DEFAULT_CB_SLIDING_WINDOW_SIZE = 10;
+var DEFAULT_CB_HALF_OPEN_AFTER_MS = 3e4;
+var DEFAULT_CB_HALF_OPEN_MAX_PROBES = 1;
+var DEFAULT_CB_SUCCESS_THRESHOLD = 2;
+
+// src/config/schema.ts
+var BackoffConfigSchema = import_zod.z.object({
+  base_ms: import_zod.z.number().positive().default(DEFAULT_BACKOFF_BASE_MS),
+  multiplier: import_zod.z.number().positive().default(DEFAULT_BACKOFF_MULTIPLIER),
+  max_ms: import_zod.z.number().positive().default(DEFAULT_BACKOFF_MAX_MS),
+  jitter: import_zod.z.enum(["full", "equal", "none"]).default(DEFAULT_BACKOFF_JITTER)
+});
+var RoutingWeightsSchema = import_zod.z.object({
+  health: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_HEALTH),
+  latency: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_LATENCY),
+  failure: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_FAILURE),
+  priority: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_PRIORITY)
+});
+var CircuitBreakerConfigSchema = import_zod.z.object({
+  failure_threshold: import_zod.z.number().int().positive().default(DEFAULT_CB_FAILURE_THRESHOLD),
+  failure_rate_threshold: import_zod.z.number().gt(0).lt(1).default(DEFAULT_CB_FAILURE_RATE_THRESHOLD),
+  sliding_window_size: import_zod.z.number().int().positive().default(DEFAULT_CB_SLIDING_WINDOW_SIZE),
+  half_open_after_ms: import_zod.z.number().positive().default(DEFAULT_CB_HALF_OPEN_AFTER_MS),
+  half_open_max_probes: import_zod.z.number().int().positive().default(DEFAULT_CB_HALF_OPEN_MAX_PROBES),
+  success_threshold: import_zod.z.number().int().positive().default(DEFAULT_CB_SUCCESS_THRESHOLD)
+});
+var TargetConfigSchema = import_zod.z.object({
+  target_id: import_zod.z.string().min(1),
+  provider_id: import_zod.z.string().min(1),
+  profile: import_zod.z.string().optional(),
+  endpoint_id: import_zod.z.string().optional(),
+  capabilities: import_zod.z.array(import_zod.z.string()).default([]),
+  enabled: import_zod.z.boolean().default(true),
+  operator_priority: import_zod.z.number().int().default(0),
+  policy_tags: import_zod.z.array(import_zod.z.string()).default([]),
+  retry_budget: import_zod.z.number().int().positive().optional(),
+  failover_budget: import_zod.z.number().int().positive().optional(),
+  backoff: BackoffConfigSchema.optional(),
+  concurrency_limit: import_zod.z.number().int().positive().optional(),
+  circuit_breaker: CircuitBreakerConfigSchema.optional()
+});
+var SwitcherConfigSchema = import_zod.z.object({
+  targets: import_zod.z.array(TargetConfigSchema).min(1).optional(),
+  retry: import_zod.z.number().int().positive().optional(),
+  timeout: import_zod.z.number().positive().optional(),
+  retry_budget: import_zod.z.number().int().positive().default(DEFAULT_RETRY_BUDGET),
+  failover_budget: import_zod.z.number().int().positive().default(DEFAULT_FAILOVER_BUDGET),
+  backoff: BackoffConfigSchema.default({
+    base_ms: DEFAULT_BACKOFF_BASE_MS,
+    multiplier: DEFAULT_BACKOFF_MULTIPLIER,
+    max_ms: DEFAULT_BACKOFF_MAX_MS,
+    jitter: DEFAULT_BACKOFF_JITTER
+  }),
+  deployment_mode_hint: import_zod.z.enum(["plugin-only", "server-companion", "sdk-control", "auto"]).default("auto"),
+  routing_weights: RoutingWeightsSchema.default({
+    health: DEFAULT_ROUTING_WEIGHT_HEALTH,
+    latency: DEFAULT_ROUTING_WEIGHT_LATENCY,
+    failure: DEFAULT_ROUTING_WEIGHT_FAILURE,
+    priority: DEFAULT_ROUTING_WEIGHT_PRIORITY
+  }),
+  queue_limit: import_zod.z.number().int().positive().default(DEFAULT_QUEUE_LIMIT),
+  concurrency_limit: import_zod.z.number().int().positive().default(DEFAULT_GLOBAL_CONCURRENCY_LIMIT),
+  backpressure_threshold: import_zod.z.number().int().nonnegative().default(DEFAULT_BACKPRESSURE_THRESHOLD),
+  circuit_breaker: CircuitBreakerConfigSchema.default({
+    failure_threshold: DEFAULT_CB_FAILURE_THRESHOLD,
+    failure_rate_threshold: DEFAULT_CB_FAILURE_RATE_THRESHOLD,
+    sliding_window_size: DEFAULT_CB_SLIDING_WINDOW_SIZE,
+    half_open_after_ms: DEFAULT_CB_HALF_OPEN_AFTER_MS,
+    half_open_max_probes: DEFAULT_CB_HALF_OPEN_MAX_PROBES,
+    success_threshold: DEFAULT_CB_SUCCESS_THRESHOLD
+  }),
+  max_expected_latency_ms: import_zod.z.number().positive().default(DEFAULT_MAX_EXPECTED_LATENCY_MS)
+});
+
+// src/config/loader.ts
+var ConfigValidationError = class extends Error {
+  diagnostics;
+  constructor(diagnostics) {
+    const summary = diagnostics.map((d) => `  ${d.path}: ${d.message}`).join("\n");
+    super(`Invalid O-Switcher configuration:
+${summary}`);
+    this.name = "ConfigValidationError";
+    this.diagnostics = diagnostics;
+  }
+};
+var validateConfig = (raw) => {
+  const result = SwitcherConfigSchema.safeParse(raw);
+  if (result.success) {
+    const data = { ...result.data };
+    if (data.retry !== void 0 && data.retry_budget === DEFAULT_RETRY_BUDGET) {
+      data.retry_budget = data.retry;
+    }
+    if (data.timeout !== void 0 && data.max_expected_latency_ms === DEFAULT_MAX_EXPECTED_LATENCY_MS) {
+      data.max_expected_latency_ms = data.timeout;
+    }
+    if (data.targets !== void 0) {
+      const seen = /* @__PURE__ */ new Set();
+      const duplicateDiagnostics = [];
+      for (const target of data.targets) {
+        const key = `${target.provider_id}::${target.profile ?? "__default__"}`;
+        if (seen.has(key)) {
+          duplicateDiagnostics.push({
+            path: "targets",
+            message: `Duplicate provider_id + profile combination: ${key}`,
+            received: key
+          });
+        }
+        seen.add(key);
+      }
+      if (duplicateDiagnostics.length > 0) {
+        throw new ConfigValidationError(duplicateDiagnostics);
+      }
+    }
+    return Object.freeze(data);
+  }
+  const diagnostics = result.error.issues.map(
+    (issue) => ({
+      path: issue.path.join("."),
+      message: issue.message,
+      received: "expected" in issue ? issue.expected : void 0
+    })
+  );
+  throw new ConfigValidationError(diagnostics);
+};
+
+// src/config/discovery.ts
+var discoverTargets = (providerConfig) => {
+  const targets = [];
+  for (const [key, value] of Object.entries(providerConfig)) {
+    if (!value) continue;
+    const raw = {
+      target_id: key,
+      provider_id: value.id ?? key,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+var discoverTargetsFromProfiles = (store) => {
+  const targets = [];
+  for (const entry of Object.values(store)) {
+    if (!entry) continue;
+    const raw = {
+      target_id: entry.id,
+      provider_id: entry.provider,
+      profile: entry.id,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+
+// src/registry/health.ts
+var INITIAL_HEALTH_SCORE = 1;
+var DEFAULT_ALPHA = 0.1;
+var updateHealthScore = (currentScore, observation, alpha = DEFAULT_ALPHA) => alpha * observation + (1 - alpha) * currentScore;
+var updateLatencyEma = (currentEma, observedMs, alpha = DEFAULT_ALPHA) => alpha * observedMs + (1 - alpha) * currentEma;
+
+// src/registry/registry.ts
+var TargetRegistry = class {
+  targets;
+  constructor(config) {
+    this.targets = new Map(
+      (config.targets ?? []).map((t) => [
+        t.target_id,
+        {
+          target_id: t.target_id,
+          provider_id: t.provider_id,
+          profile: t.profile,
+          endpoint_id: t.endpoint_id,
+          capabilities: [...t.capabilities],
+          enabled: t.enabled,
+          state: "Active",
+          health_score: INITIAL_HEALTH_SCORE,
+          cooldown_until: null,
+          latency_ema_ms: 0,
+          failure_score: 0,
+          operator_priority: t.operator_priority,
+          policy_tags: [...t.policy_tags]
+        }
+      ])
+    );
+  }
+  /** Returns the target entry for the given id, or undefined if not found. */
+  getTarget(id) {
+    return this.targets.get(id);
+  }
+  /** Returns a readonly array of all target entries. */
+  getAllTargets() {
+    return [...this.targets.values()];
+  }
+  /**
+   * Updates the state of a target.
+   * @returns true if the target was found and updated, false otherwise.
+   */
+  updateState(id, newState) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return false;
+    }
+    this.targets.set(id, { ...target, state: newState });
+    return true;
+  }
+  /**
+   * Records a success (1) or failure (0) observation for a target.
+   * Updates health_score via EMA.
+   */
+  recordObservation(id, observation) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newHealthScore = updateHealthScore(
+      target.health_score,
+      observation
+    );
+    this.targets.set(id, { ...target, health_score: newHealthScore });
+  }
+  /** Sets the cooldown_until timestamp for a target. */
+  setCooldown(id, untilMs) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    this.targets.set(id, { ...target, cooldown_until: untilMs });
+  }
+  /** Updates the latency EMA for a target. */
+  updateLatency(id, ms) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newLatency = updateLatencyEma(target.latency_ema_ms, ms);
+    this.targets.set(id, { ...target, latency_ema_ms: newLatency });
+  }
+  /**
+   * Adds a new target entry to the registry.
+   * @returns true if added, false if target_id already exists.
+   */
+  addTarget(entry) {
+    if (this.targets.has(entry.target_id)) {
+      return false;
+    }
+    this.targets.set(entry.target_id, entry);
+    return true;
+  }
+  /**
+   * Removes a target entry from the registry.
+   * @returns true if found and removed, false if not found.
+   */
+  removeTarget(id) {
+    return this.targets.delete(id);
+  }
+  /** Returns a deep-frozen snapshot of all targets. */
+  getSnapshot() {
+    const snapshot = {
+      targets: [...this.targets.values()].map((t) => ({ ...t }))
+    };
+    return Object.freeze(snapshot);
+  }
+};
+var createRegistry = (config) => new TargetRegistry(config);
+
+// src/audit/logger.ts
+var import_pino = __toESM(require("pino"), 1);
+var import_node_crypto = __toESM(require("crypto"), 1);
+var REDACT_PATHS = [
+  "api_key",
+  "token",
+  "secret",
+  "password",
+  "authorization",
+  "credential",
+  "credentials",
+  "*.api_key",
+  "*.token",
+  "*.secret",
+  "*.password",
+  "*.authorization",
+  "*.credential",
+  "*.credentials"
+];
+var createAuditLogger = (options) => {
+  const opts = {
+    level: options?.level ?? "info",
+    redact: {
+      paths: [...REDACT_PATHS],
+      censor: "[Redacted]"
+    }
+  };
+  if (options?.destination) {
+    return (0, import_pino.default)(opts, options.destination);
+  }
+  return (0, import_pino.default)(opts);
+};
+var generateCorrelationId = () => import_node_crypto.default.randomUUID();
+
+// src/routing/events.ts
+var import_eventemitter3 = require("eventemitter3");
+var createRoutingEventBus = () => new import_eventemitter3.EventEmitter();
+
+// src/routing/dual-breaker.ts
+var import_cockatiel = require("cockatiel");
+var DualBreaker = class {
+  consecutive;
+  count;
+  constructor(consecutiveThreshold, countOpts) {
+    this.consecutive = new import_cockatiel.ConsecutiveBreaker(consecutiveThreshold);
+    this.count = new import_cockatiel.CountBreaker(countOpts);
+  }
+  /** Serializable state for both internal breakers. */
+  get state() {
+    return {
+      consecutive: this.consecutive.state,
+      count: this.count.state
+    };
+  }
+  /** Restore state for both internal breakers. */
+  set state(value) {
+    const v = value;
+    this.consecutive.state = v.consecutive;
+    this.count.state = v.count;
+  }
+  /**
+   * Record success on both breakers.
+   * ConsecutiveBreaker.success() takes no args (resets counter).
+   * CountBreaker.success() takes CircuitState.
+   */
+  success(state) {
+    this.consecutive.success();
+    this.count.success(state);
+  }
+  /**
+   * Record failure on both breakers.
+   * Returns true if EITHER breaker trips (OR logic).
+   * ConsecutiveBreaker.failure() takes no args.
+   * CountBreaker.failure() takes CircuitState.
+   */
+  failure(state) {
+    const consecutiveTripped = this.consecutive.failure();
+    const countTripped = this.count.failure(state);
+    return consecutiveTripped || countTripped;
+  }
+};
+
+// src/routing/circuit-breaker.ts
+var import_cockatiel2 = require("cockatiel");
+var import_eventemitter32 = require("eventemitter3");
+var COCKATIEL_TO_TARGET = /* @__PURE__ */ new Map([
+  [import_cockatiel2.CircuitState.Closed, "Active"],
+  [import_cockatiel2.CircuitState.Open, "CircuitOpen"],
+  [import_cockatiel2.CircuitState.HalfOpen, "CircuitHalfOpen"],
+  [import_cockatiel2.CircuitState.Isolated, "Disabled"]
+]);
+var toTargetState = (state) => COCKATIEL_TO_TARGET.get(state) ?? "Disabled";
+var createCircuitBreaker = (targetId, config, eventBus) => {
+  const createPolicy = () => {
+    const breaker = new DualBreaker(config.failure_threshold, {
+      threshold: config.failure_rate_threshold,
+      size: config.sliding_window_size
+    });
+    const policy = (0, import_cockatiel2.circuitBreaker)(import_cockatiel2.handleAll, {
+      halfOpenAfter: config.half_open_after_ms,
+      breaker
+    });
+    return { policy, breaker };
+  };
+  let current = createPolicy();
+  let previousState = import_cockatiel2.CircuitState.Closed;
+  let openedAtMs = 0;
+  const subscribeEvents = (policy) => {
+    policy.onStateChange((newState) => {
+      if (newState === import_cockatiel2.CircuitState.Open) {
+        openedAtMs = Date.now();
+      }
+      const from = toTargetState(previousState);
+      const to = toTargetState(newState);
+      previousState = newState;
+      if (from !== to && eventBus) {
+        eventBus.emit("circuit_state_change", {
+          target_id: targetId,
+          from,
+          to,
+          reason: `state_transition`
+        });
+      }
+    });
+  };
+  subscribeEvents(current.policy);
+  const effectiveState = () => {
+    const raw = current.policy.state;
+    if (raw === import_cockatiel2.CircuitState.Open && openedAtMs > 0 && Date.now() - openedAtMs >= config.half_open_after_ms) {
+      return import_cockatiel2.CircuitState.HalfOpen;
+    }
+    return raw;
+  };
+  return {
+    state() {
+      return toTargetState(effectiveState());
+    },
+    async recordSuccess() {
+      try {
+        await current.policy.execute(async () => void 0);
+      } catch (err) {
+        if (err instanceof import_cockatiel2.BrokenCircuitError || err instanceof import_cockatiel2.IsolatedCircuitError) {
+          return;
+        }
+        throw err;
+      }
+    },
+    async recordFailure() {
+      try {
+        await current.policy.execute(async () => {
+          throw new Error("recorded-failure");
+        });
+      } catch {
+      }
+    },
+    allowRequest() {
+      return effectiveState() !== import_cockatiel2.CircuitState.Open;
+    },
+    reset() {
+      current = createPolicy();
+      previousState = import_cockatiel2.CircuitState.Closed;
+      openedAtMs = 0;
+      subscribeEvents(current.policy);
+    }
+  };
+};
+
+// src/routing/concurrency-tracker.ts
+var createConcurrencyTracker = (defaultLimit) => {
+  const state = /* @__PURE__ */ new Map();
+  const getOrCreate = (target_id) => {
+    const existing = state.get(target_id);
+    if (existing) return existing;
+    const entry = { active: 0, limit: defaultLimit };
+    state.set(target_id, entry);
+    return entry;
+  };
+  return {
+    acquire(target_id) {
+      const entry = getOrCreate(target_id);
+      if (entry.active >= entry.limit) return false;
+      entry.active += 1;
+      return true;
+    },
+    release(target_id) {
+      const entry = state.get(target_id);
+      if (!entry || entry.active <= 0) return;
+      entry.active -= 1;
+    },
+    headroom(target_id) {
+      const entry = getOrCreate(target_id);
+      return Math.max(0, entry.limit - entry.active);
+    },
+    active(target_id) {
+      const entry = state.get(target_id);
+      return entry ? entry.active : 0;
+    },
+    setLimit(target_id, limit) {
+      const entry = getOrCreate(target_id);
+      entry.limit = limit;
+    }
+  };
+};
+
+// src/routing/cooldown.ts
+var createCooldownManager = (registry, eventBus) => ({
+  setCooldown(target_id, durationMs, errorClass) {
+    const untilMs = Date.now() + durationMs;
+    registry.setCooldown(target_id, untilMs);
+    registry.updateState(target_id, "CoolingDown");
+    eventBus?.emit("cooldown_set", {
+      target_id,
+      until_ms: untilMs,
+      error_class: errorClass
+    });
+  },
+  checkExpired(nowMs) {
+    const expired = [];
+    for (const target of registry.getAllTargets()) {
+      if (target.state === "CoolingDown" && target.cooldown_until !== null && target.cooldown_until <= nowMs) {
+        registry.setCooldown(target.target_id, 0);
+        registry.updateState(target.target_id, "Active");
+        eventBus?.emit("cooldown_expired", { target_id: target.target_id });
+        expired.push(target.target_id);
+      }
+    }
+    return expired;
+  },
+  isInCooldown(target_id, nowMs) {
+    const target = registry.getTarget(target_id);
+    if (!target) {
+      return false;
+    }
+    return target.cooldown_until !== null && target.cooldown_until > nowMs;
+  }
+});
+
+// src/routing/admission.ts
+var import_p_queue = __toESM(require("p-queue"), 1);
+
+// src/routing/log-subscriber.ts
+var createLogSubscriber = (eventBus, logger) => {
+  const log = logger.child({ component: "routing" });
+  const onCircuitStateChange = (payload) => {
+    log.info(
+      {
+        event: "circuit_state_change",
+        target_id: payload.target_id,
+        from: payload.from,
+        to: payload.to,
+        reason: payload.reason
+      },
+      "Circuit breaker transition"
+    );
+  };
+  const onCooldownSet = (payload) => {
+    log.info(
+      {
+        event: "cooldown_set",
+        target_id: payload.target_id,
+        duration_ms: payload.until_ms - Date.now(),
+        error_class: payload.error_class
+      },
+      "Cooldown set"
+    );
+  };
+  const onCooldownExpired = (payload) => {
+    log.info(
+      {
+        event: "cooldown_expired",
+        target_id: payload.target_id
+      },
+      "Cooldown expired"
+    );
+  };
+  const onAdmissionDecision = (payload) => {
+    const fields = {
+      event: "admission_decision",
+      request_id: payload.request_id,
+      result: payload.result,
+      reason: payload.reason
+    };
+    if (payload.result === "admitted" || payload.result === "queued") {
+      log.info(fields, "Admission decision");
+    } else {
+      log.warn(fields, "Admission decision");
+    }
+  };
+  const onHealthUpdated = (payload) => {
+    log.debug(
+      {
+        event: "health_updated",
+        target_id: payload.target_id,
+        old_score: payload.old_score,
+        new_score: payload.new_score
+      },
+      "Health score updated"
+    );
+  };
+  const onTargetExcluded = (payload) => {
+    log.debug(
+      {
+        event: "target_excluded",
+        target_id: payload.target_id,
+        reason: payload.reason
+      },
+      "Target excluded"
+    );
+  };
+  eventBus.on("circuit_state_change", onCircuitStateChange);
+  eventBus.on("cooldown_set", onCooldownSet);
+  eventBus.on("cooldown_expired", onCooldownExpired);
+  eventBus.on("admission_decision", onAdmissionDecision);
+  eventBus.on("health_updated", onHealthUpdated);
+  eventBus.on("target_excluded", onTargetExcluded);
+  return () => {
+    eventBus.off("circuit_state_change", onCircuitStateChange);
+    eventBus.off("cooldown_set", onCooldownSet);
+    eventBus.off("cooldown_expired", onCooldownExpired);
+    eventBus.off("admission_decision", onAdmissionDecision);
+    eventBus.off("health_updated", onHealthUpdated);
+    eventBus.off("target_excluded", onTargetExcluded);
+  };
+};
+
+// src/errors/taxonomy.ts
+var import_zod2 = require("zod");
+var RateLimitedSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("RateLimited"),
+  retryable: import_zod2.z.literal(true),
+  retry_after_ms: import_zod2.z.number().optional(),
+  provider_reason: import_zod2.z.string().optional()
+});
+var QuotaExhaustedSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("QuotaExhausted"),
+  retryable: import_zod2.z.literal(false),
+  provider_reason: import_zod2.z.string().optional()
+});
+var AuthFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("AuthFailure"),
+  retryable: import_zod2.z.literal(false),
+  recovery_attempted: import_zod2.z.boolean().default(false)
+});
+var PermissionFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("PermissionFailure"),
+  retryable: import_zod2.z.literal(false)
+});
+var PolicyFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("PolicyFailure"),
+  retryable: import_zod2.z.literal(false)
+});
+var RegionRestrictionSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("RegionRestriction"),
+  retryable: import_zod2.z.literal(false)
+});
+var ModelUnavailableSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("ModelUnavailable"),
+  retryable: import_zod2.z.literal(false),
+  failover_eligible: import_zod2.z.literal(true)
+});
+var TransientServerFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("TransientServerFailure"),
+  retryable: import_zod2.z.literal(true),
+  http_status: import_zod2.z.number().optional()
+});
+var TransportFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("TransportFailure"),
+  retryable: import_zod2.z.literal(true)
+});
+var InterruptedExecutionSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("InterruptedExecution"),
+  retryable: import_zod2.z.literal(true),
+  partial_output_bytes: import_zod2.z.number().optional()
+});
+var ErrorClassSchema = import_zod2.z.discriminatedUnion("class", [
+  RateLimitedSchema,
+  QuotaExhaustedSchema,
+  AuthFailureSchema,
+  PermissionFailureSchema,
+  PolicyFailureSchema,
+  RegionRestrictionSchema,
+  ModelUnavailableSchema,
+  TransientServerFailureSchema,
+  TransportFailureSchema,
+  InterruptedExecutionSchema
+]);
+
+// src/operator/plugin-tools.ts
+var import_tool = require("@opencode-ai/plugin/tool");
+
+// src/operator/commands.ts
+var createRequestTraceBuffer = (capacity) => {
+  const entries = /* @__PURE__ */ new Map();
+  const order = [];
+  return {
+    record(entry) {
+      if (entries.has(entry.request_id)) {
+        const idx = order.indexOf(entry.request_id);
+        if (idx !== -1) {
+          order.splice(idx, 1);
+        }
+      }
+      while (order.length >= capacity) {
+        const oldest = order.shift();
+        if (oldest !== void 0) {
+          entries.delete(oldest);
+        }
+      }
+      entries.set(entry.request_id, entry);
+      order.push(entry.request_id);
+    },
+    lookup(requestId) {
+      return entries.get(requestId);
+    },
+    size() {
+      return entries.size;
+    }
+  };
+};
+
+// src/operator/plugin-tools.ts
+var { schema: z3 } = import_tool.tool;
+
+// src/profiles/store.ts
+var import_promises = require("fs/promises");
+var import_node_os = require("os");
+var import_node_path = require("path");
+var PROFILES_DIR = (0, import_node_path.join)((0, import_node_os.homedir)(), ".local", "share", "o-switcher");
+var PROFILES_PATH = (0, import_node_path.join)(PROFILES_DIR, "profiles.json");
+var loadProfiles = async (path = PROFILES_PATH) => {
+  try {
+    const content = await (0, import_promises.readFile)(path, "utf-8");
+    return JSON.parse(content);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      return {};
+    }
+    throw err;
+  }
+};
+var saveProfiles = async (store, path = PROFILES_PATH, logger) => {
+  const dir = (0, import_node_path.dirname)(path);
+  await (0, import_promises.mkdir)(dir, { recursive: true });
+  const tmpPath = `${path}.tmp`;
+  await (0, import_promises.writeFile)(tmpPath, JSON.stringify(store, null, 2), "utf-8");
+  await (0, import_promises.rename)(tmpPath, path);
+  logger?.info({ path }, "Profiles saved to disk");
+};
+var credentialsMatch = (a, b) => {
+  if (a.type !== b.type) return false;
+  if (a.type === "api-key" && b.type === "api-key") {
+    return a.key === b.key;
+  }
+  if (a.type === "oauth" && b.type === "oauth") {
+    return a.refresh === b.refresh && a.access === b.access && a.expires === b.expires && a.accountId === b.accountId;
+  }
+  return false;
+};
+var addProfile = (store, provider, credentials) => {
+  const isDuplicate = Object.values(store).some(
+    (entry2) => entry2.provider === provider && credentialsMatch(entry2.credentials, credentials)
+  );
+  if (isDuplicate) {
+    return store;
+  }
+  const id = nextProfileId(store, provider);
+  const entry = {
+    id,
+    provider,
+    type: credentials.type,
+    credentials,
+    created: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ...store, [id]: entry };
+};
+var removeProfile = (store, id) => {
+  if (store[id] === void 0) {
+    return { store, removed: false };
+  }
+  const { [id]: _removed, ...rest } = store;
+  return { store: rest, removed: true };
+};
+var listProfiles = (store) => {
+  return Object.values(store).sort(
+    (a, b) => new Date(a.created).getTime() - new Date(b.created).getTime()
+  );
+};
+var nextProfileId = (store, provider) => {
+  const prefix = `${provider}-`;
+  const maxN = Object.keys(store).filter((key) => key.startsWith(prefix)).map((key) => Number(key.slice(prefix.length))).filter((n) => !Number.isNaN(n)).reduce((max, n) => Math.max(max, n), 0);
+  return `${provider}-${maxN + 1}`;
+};
+
+// src/profiles/watcher.ts
+var import_promises2 = require("fs/promises");
+var import_node_os2 = require("os");
+var import_node_path2 = require("path");
+var AUTH_JSON_PATH = (0, import_node_path2.join)(
+  (0, import_node_os2.homedir)(),
+  ".local",
+  "share",
+  "opencode",
+  "auth.json"
+);
+var DEBOUNCE_MS = 100;
+var readAuthJson = async (path) => {
+  try {
+    const content = await (0, import_promises2.readFile)(path, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return {};
+  }
+};
+var toCredential = (entry) => {
+  if (entry.type === "oauth" || entry.refresh !== void 0 && entry.access !== void 0) {
+    return {
+      type: "oauth",
+      refresh: String(entry.refresh ?? ""),
+      access: String(entry.access ?? ""),
+      expires: Number(entry.expires ?? 0),
+      accountId: entry.accountId !== void 0 ? String(entry.accountId) : void 0
+    };
+  }
+  return {
+    type: "api-key",
+    key: String(entry.key ?? "")
+  };
+};
+var entriesEqual = (a, b) => {
+  if (a === void 0 && b === void 0) return true;
+  if (a === void 0 || b === void 0) return false;
+  return JSON.stringify(a) === JSON.stringify(b);
+};
+var createAuthWatcher = (options) => {
+  const authPath = options?.authJsonPath ?? AUTH_JSON_PATH;
+  const profPath = options?.profilesPath ?? PROFILES_PATH;
+  const log = options?.logger?.child({ component: "profile-watcher" });
+  let lastKnownAuth = {};
+  let abortController = null;
+  let debounceTimer = null;
+  let watchPromise = null;
+  const processChange = async () => {
+    const newAuth = await readAuthJson(authPath);
+    let store = await loadProfiles(profPath);
+    let changed = false;
+    for (const [provider, entry] of Object.entries(newAuth)) {
+      if (!entry) continue;
+      const previousEntry = lastKnownAuth[provider];
+      if (previousEntry !== void 0 && !entriesEqual(previousEntry, entry)) {
+        log?.info({ provider, action: "credential_changed" }, "Credential change detected \u2014 saving previous credential");
+        const prevCredential = toCredential(previousEntry);
+        const newStore = addProfile(store, provider, prevCredential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      } else if (previousEntry === void 0) {
+        log?.info({ provider, action: "new_provider" }, "New provider detected");
+        const credential = toCredential(entry);
+        const newStore = addProfile(store, provider, credential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      }
+    }
+    if (changed) {
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_saved: true }, "Profiles saved to disk");
+    }
+    lastKnownAuth = newAuth;
+  };
+  const onFileChange = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+    }
+    debounceTimer = setTimeout(() => {
+      debounceTimer = null;
+      processChange().catch((err) => {
+        log?.warn({ err }, "Error processing auth change");
+      });
+    }, DEBOUNCE_MS);
+  };
+  const start = async () => {
+    const currentAuth = await readAuthJson(authPath);
+    const currentStore = await loadProfiles(profPath);
+    log?.info({ providers: Object.keys(currentAuth) }, "Auth watcher started");
+    if (Object.keys(currentStore).length === 0 && Object.keys(currentAuth).length > 0) {
+      let store = {};
+      for (const [provider, entry] of Object.entries(currentAuth)) {
+        if (!entry) continue;
+        const credential = toCredential(entry);
+        store = addProfile(store, provider, credential);
+      }
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_initialized: Object.keys(store).length }, "Initialized profiles from auth.json");
+    }
+    lastKnownAuth = currentAuth;
+    abortController = new AbortController();
+    const parentDir = (0, import_node_path2.dirname)(authPath);
+    watchPromise = (async () => {
+      try {
+        const watcher = (0, import_promises2.watch)(parentDir, {
+          signal: abortController.signal
+        });
+        for await (const event of watcher) {
+          if (event.filename === "auth.json" || event.filename === null) {
+            onFileChange();
+          }
+        }
+      } catch (err) {
+        const name = err.name;
+        if (name !== "AbortError") {
+        }
+      }
+    })();
+  };
+  const stop = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+    if (abortController !== null) {
+      abortController.abort();
+      abortController = null;
+    }
+    watchPromise = null;
+    log?.info("Auth watcher stopped");
+  };
+  return { start, stop };
+};
+
+// src/profiles/tools.ts
+var import_tool2 = require("@opencode-ai/plugin/tool");
+var { schema: z4 } = import_tool2.tool;
+var createProfileTools = (options) => ({
+  profilesList: (0, import_tool2.tool)({
+    description: "List all saved auth profiles with provider, type, and creation date.",
+    args: {},
+    async execute() {
+      const store = await loadProfiles(options?.profilesPath);
+      const profiles = listProfiles(store);
+      const result = profiles.map((entry) => ({
+        id: entry.id,
+        provider: entry.provider,
+        type: entry.type,
+        created: entry.created
+      }));
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  profilesRemove: (0, import_tool2.tool)({
+    description: "Remove a saved auth profile by ID.",
+    args: { id: z4.string().min(1) },
+    async execute(args) {
+      const store = await loadProfiles(options?.profilesPath);
+      const { store: newStore, removed } = removeProfile(store, args.id);
+      if (removed) {
+        await saveProfiles(newStore, options?.profilesPath);
+        return JSON.stringify({ success: true, id: args.id });
+      }
+      return JSON.stringify({
+        success: false,
+        id: args.id,
+        error: "Profile not found"
+      });
+    }
+  })
+});
+
+// src/plugin.ts
+var initializeSwitcher = (rawConfig) => {
+  const config = validateConfig(rawConfig);
+  const registry = createRegistry(config);
+  const logger = createAuditLogger();
+  const eventBus = createRoutingEventBus();
+  const circuitBreakers = /* @__PURE__ */ new Map();
+  for (const target of registry.getAllTargets()) {
+    circuitBreakers.set(
+      target.target_id,
+      createCircuitBreaker(target.target_id, config.circuit_breaker, eventBus)
+    );
+  }
+  const concurrency = createConcurrencyTracker(config.concurrency_limit);
+  const cooldownManager = createCooldownManager(registry, eventBus);
+  const traceBuffer = createRequestTraceBuffer(100);
+  createLogSubscriber(eventBus, logger);
+  const configRef = {
+    current: () => config,
+    swap: () => {
+    }
+  };
+  const operatorDeps = {
+    registry,
+    circuitBreakers,
+    configRef,
+    logger,
+    traceBuffer
+  };
+  return { config, registry, logger, circuitBreakers, concurrency, cooldownManager, operatorDeps };
+};
+var server = async (_input) => {
+  const logger = createAuditLogger({ level: "info" });
+  logger.info("O-Switcher plugin initializing");
+  const state = {};
+  const hooks = {
+    /**
+     * Config hook: initialize O-Switcher when OpenCode config is loaded.
+     *
+     * Auto-discovery (D-55): when no explicit targets are configured,
+     * discovers targets from OpenCode provider entries.
+     * Manual targets (D-57): when targets array is present, uses as-is.
+     * No providers (D-61): logs warning, runs in passthrough mode.
+     */
+    async config(cfg) {
+      const cfgRecord = cfg;
+      const switcherConfig = cfgRecord["switcher"];
+      const providerConfig = cfgRecord["provider"];
+      const rawConfig = switcherConfig && typeof switcherConfig === "object" ? { ...switcherConfig } : {};
+      const hasExplicitTargets = Boolean(
+        rawConfig["targets"] && Array.isArray(rawConfig["targets"]) && rawConfig["targets"].length > 0
+      );
+      if (!hasExplicitTargets) {
+        const profileStore = await loadProfiles().catch(() => ({}));
+        const profileKeys = Object.keys(profileStore);
+        if (profileKeys.length > 0) {
+          const profileTargets = discoverTargetsFromProfiles(profileStore);
+          rawConfig["targets"] = profileTargets;
+          logger.info(
+            { discovered: profileTargets.length, profiles: profileKeys },
+            "Auto-discovered targets from O-Switcher profiles"
+          );
+        } else if (providerConfig && typeof providerConfig === "object") {
+          const discoveredTargets = discoverTargets(providerConfig);
+          if (discoveredTargets.length === 0) {
+            logger.warn("No providers found \u2014 running in passthrough mode");
+            return;
+          }
+          rawConfig["targets"] = discoveredTargets;
+          logger.info(
+            { discovered: discoveredTargets.length, providers: Object.keys(providerConfig) },
+            "Auto-discovered targets from OpenCode providers"
+          );
+        } else {
+          logger.warn("No targets configured and no providers found \u2014 running in passthrough mode");
+          return;
+        }
+      }
+      try {
+        const initialized = initializeSwitcher(rawConfig);
+        Object.assign(state, initialized);
+        logger.info(
+          { targets: state.registry?.getAllTargets().length },
+          "O-Switcher initialized"
+        );
+        state.authWatcher = createAuthWatcher({ logger });
+        await state.authWatcher.start();
+        logger.info("Auth watcher started");
+      } catch (err) {
+        logger.error({ err }, "O-Switcher config validation failed \u2014 running without routing");
+      }
+    },
+    /**
+     * chat.params hook: adjust parameters for degraded targets (plugin-only mode).
+     *
+     * Cannot redirect to different providers (D-16 spike confirmed).
+     * Reduces temperature and maxOutputTokens when target health is low.
+     */
+    async "chat.params"(input, output) {
+      if (!state.registry) return;
+      const requestId = generateCorrelationId();
+      const targets = state.registry.getAllTargets();
+      const providerId = input.provider?.info?.id ?? input.provider?.info?.name ?? input.model?.providerID ?? void 0;
+      if (!providerId) return;
+      const matchingTargets = targets.filter(
+        (t) => t.provider_id === providerId && t.enabled
+      );
+      if (matchingTargets.length === 0) return;
+      const activeTarget = matchingTargets.reduce(
+        (best, t) => t.health_score > best.health_score ? t : best
+      );
+      if (!activeTarget) return;
+      state.cooldownManager?.checkExpired(Date.now());
+      if (activeTarget.health_score < 0.5) {
+        output.temperature = Math.min(output.temperature, 0.7);
+        if (output.maxOutputTokens !== void 0) {
+          output.maxOutputTokens = Math.min(output.maxOutputTokens, 4096);
+        }
+        state.logger?.info(
+          { request_id: requestId, target_id: activeTarget.target_id, health: activeTarget.health_score },
+          "Adjusted params for degraded target"
+        );
+      }
+    },
+    /**
+     * Event hook: observe session events for heuristic error detection.
+     *
+     * Watches for session.error events to update target health and circuit breaker.
+     */
+    async event({ event }) {
+      if (!state.registry) return;
+      if (event.type === "session.error") {
+        const properties = event.properties;
+        const error = properties?.error;
+        if (error && "providerID" in error) {
+          const providerId = error.providerID;
+          if (providerId) {
+            const matchingTargets = state.registry.getAllTargets().filter(
+              (t) => t.provider_id === providerId
+            );
+            if (matchingTargets.length === 0) return;
+            const target = matchingTargets.length === 1 ? matchingTargets[0] : matchingTargets.reduce(
+              (worst, t) => t.health_score < worst.health_score ? t : worst
+            );
+            if (matchingTargets.length > 1) {
+              state.logger?.warn(
+                { provider_id: providerId, attributed_target: target.target_id, profile_count: matchingTargets.length },
+                "Multiple profiles for provider \u2014 error attributed to worst-health target (plugin-only mode limitation)"
+              );
+            }
+            state.registry.recordObservation(target.target_id, 0);
+            state.circuitBreakers?.get(target.target_id)?.recordFailure();
+            state.logger?.info(
+              { target_id: target.target_id, event_type: event.type },
+              "Recorded failure from session event"
+            );
+          }
+        }
+      }
+    },
+    tool: {
+      ...createProfileTools()
+    }
+  };
+  return hooks;
+};
+var pluginModule = {
+  id: "o-switcher",
+  server
+};
+var plugin_default = pluginModule;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  server
+});
+//# sourceMappingURL=plugin.cjs.map