o-switcher 0.1.0

package/dist/index.cjs

@@ -0,0 +1,2582 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ADMISSION_RESULTS: () => ADMISSION_RESULTS,
+  BackoffConfigSchema: () => BackoffConfigSchema,
+  ConfigValidationError: () => ConfigValidationError,
+  DEFAULT_ALPHA: () => DEFAULT_ALPHA,
+  DEFAULT_BACKOFF_BASE_MS: () => DEFAULT_BACKOFF_BASE_MS,
+  DEFAULT_BACKOFF_JITTER: () => DEFAULT_BACKOFF_JITTER,
+  DEFAULT_BACKOFF_MAX_MS: () => DEFAULT_BACKOFF_MAX_MS,
+  DEFAULT_BACKOFF_MULTIPLIER: () => DEFAULT_BACKOFF_MULTIPLIER,
+  DEFAULT_BACKOFF_PARAMS: () => DEFAULT_BACKOFF_PARAMS,
+  DEFAULT_FAILOVER_BUDGET: () => DEFAULT_FAILOVER_BUDGET,
+  DEFAULT_RETRY: () => DEFAULT_RETRY,
+  DEFAULT_RETRY_BUDGET: () => DEFAULT_RETRY_BUDGET,
+  DEFAULT_TIMEOUT_MS: () => DEFAULT_TIMEOUT_MS,
+  DualBreaker: () => DualBreaker,
+  EXCLUSION_REASONS: () => EXCLUSION_REASONS,
+  ErrorClassSchema: () => ErrorClassSchema,
+  HEURISTIC_PATTERNS: () => HEURISTIC_PATTERNS,
+  INITIAL_HEALTH_SCORE: () => INITIAL_HEALTH_SCORE,
+  PROVIDER_PATTERNS: () => PROVIDER_PATTERNS,
+  REDACT_PATHS: () => REDACT_PATHS,
+  SwitcherConfigSchema: () => SwitcherConfigSchema,
+  TARGET_STATES: () => TARGET_STATES,
+  TEMPORAL_QUOTA_PATTERN: () => TEMPORAL_QUOTA_PATTERN,
+  TargetConfigSchema: () => TargetConfigSchema,
+  TargetRegistry: () => TargetRegistry,
+  addProfile: () => addProfile,
+  applyConfigDiff: () => applyConfigDiff,
+  checkHardRejects: () => checkHardRejects,
+  classify: () => classify,
+  computeBackoffMs: () => computeBackoffMs,
+  computeConfigDiff: () => computeConfigDiff,
+  computeCooldownMs: () => computeCooldownMs,
+  computeScore: () => computeScore,
+  createAdmissionController: () => createAdmissionController,
+  createAuditCollector: () => createAuditCollector,
+  createAuditLogger: () => createAuditLogger,
+  createAuthWatcher: () => createAuthWatcher,
+  createCircuitBreaker: () => createCircuitBreaker,
+  createConcurrencyTracker: () => createConcurrencyTracker,
+  createCooldownManager: () => createCooldownManager,
+  createExecutionOrchestrator: () => createExecutionOrchestrator,
+  createFailoverOrchestrator: () => createFailoverOrchestrator,
+  createLogSubscriber: () => createLogSubscriber,
+  createModeAdapter: () => createModeAdapter,
+  createOperatorTools: () => createOperatorTools,
+  createProfileTools: () => createProfileTools,
+  createRegistry: () => createRegistry,
+  createRequestLogger: () => createRequestLogger,
+  createRequestTraceBuffer: () => createRequestTraceBuffer,
+  createRetryPolicy: () => createRetryPolicy,
+  createRoutingEventBus: () => createRoutingEventBus,
+  createStreamBuffer: () => createStreamBuffer,
+  createStreamStitcher: () => createStreamStitcher,
+  detectDeploymentMode: () => detectDeploymentMode,
+  determineContinuationMode: () => determineContinuationMode,
+  directSignalFromResponse: () => directSignalFromResponse,
+  disableTarget: () => disableTarget,
+  discoverTargets: () => discoverTargets,
+  discoverTargetsFromProfiles: () => discoverTargetsFromProfiles,
+  drainTarget: () => drainTarget,
+  extractRetryAfterMs: () => extractRetryAfterMs,
+  generateCorrelationId: () => generateCorrelationId,
+  getExclusionReason: () => getExclusionReason,
+  getModeCapabilities: () => getModeCapabilities,
+  getSignalFidelity: () => getSignalFidelity,
+  getTargetStateTransition: () => getTargetStateTransition,
+  heuristicSignalFromEvent: () => heuristicSignalFromEvent,
+  inspectRequest: () => inspectRequest,
+  isRetryable: () => isRetryable,
+  listProfiles: () => listProfiles,
+  listTargets: () => listTargets,
+  loadProfiles: () => loadProfiles,
+  nextProfileId: () => nextProfileId,
+  normalizeLatency: () => normalizeLatency,
+  pauseTarget: () => pauseTarget,
+  reloadConfig: () => reloadConfig,
+  removeProfile: () => removeProfile,
+  resumeTarget: () => resumeTarget,
+  saveProfiles: () => saveProfiles,
+  selectTarget: () => selectTarget,
+  updateHealthScore: () => updateHealthScore,
+  updateLatencyEma: () => updateLatencyEma,
+  validateBearerToken: () => validateBearerToken,
+  validateConfig: () => validateConfig
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/config/schema.ts
+var import_zod = require("zod");
+
+// src/config/defaults.ts
+var DEFAULT_RETRY_BUDGET = 3;
+var DEFAULT_FAILOVER_BUDGET = 2;
+var DEFAULT_BACKOFF_BASE_MS = 1e3;
+var DEFAULT_BACKOFF_MULTIPLIER = 2;
+var DEFAULT_BACKOFF_MAX_MS = 3e4;
+var DEFAULT_BACKOFF_JITTER = "full";
+var DEFAULT_ROUTING_WEIGHT_HEALTH = 1;
+var DEFAULT_ROUTING_WEIGHT_LATENCY = 0.5;
+var DEFAULT_ROUTING_WEIGHT_FAILURE = 0.8;
+var DEFAULT_ROUTING_WEIGHT_PRIORITY = 0.3;
+var DEFAULT_MAX_EXPECTED_LATENCY_MS = 3e4;
+var DEFAULT_QUEUE_LIMIT = 100;
+var DEFAULT_GLOBAL_CONCURRENCY_LIMIT = 10;
+var DEFAULT_BACKPRESSURE_THRESHOLD = 50;
+var DEFAULT_CB_FAILURE_THRESHOLD = 5;
+var DEFAULT_CB_FAILURE_RATE_THRESHOLD = 0.5;
+var DEFAULT_CB_SLIDING_WINDOW_SIZE = 10;
+var DEFAULT_CB_HALF_OPEN_AFTER_MS = 3e4;
+var DEFAULT_CB_HALF_OPEN_MAX_PROBES = 1;
+var DEFAULT_CB_SUCCESS_THRESHOLD = 2;
+var DEFAULT_RETRY = 3;
+var DEFAULT_TIMEOUT_MS = 3e4;
+
+// src/config/schema.ts
+var BackoffConfigSchema = import_zod.z.object({
+  base_ms: import_zod.z.number().positive().default(DEFAULT_BACKOFF_BASE_MS),
+  multiplier: import_zod.z.number().positive().default(DEFAULT_BACKOFF_MULTIPLIER),
+  max_ms: import_zod.z.number().positive().default(DEFAULT_BACKOFF_MAX_MS),
+  jitter: import_zod.z.enum(["full", "equal", "none"]).default(DEFAULT_BACKOFF_JITTER)
+});
+var RoutingWeightsSchema = import_zod.z.object({
+  health: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_HEALTH),
+  latency: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_LATENCY),
+  failure: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_FAILURE),
+  priority: import_zod.z.number().default(DEFAULT_ROUTING_WEIGHT_PRIORITY)
+});
+var CircuitBreakerConfigSchema = import_zod.z.object({
+  failure_threshold: import_zod.z.number().int().positive().default(DEFAULT_CB_FAILURE_THRESHOLD),
+  failure_rate_threshold: import_zod.z.number().gt(0).lt(1).default(DEFAULT_CB_FAILURE_RATE_THRESHOLD),
+  sliding_window_size: import_zod.z.number().int().positive().default(DEFAULT_CB_SLIDING_WINDOW_SIZE),
+  half_open_after_ms: import_zod.z.number().positive().default(DEFAULT_CB_HALF_OPEN_AFTER_MS),
+  half_open_max_probes: import_zod.z.number().int().positive().default(DEFAULT_CB_HALF_OPEN_MAX_PROBES),
+  success_threshold: import_zod.z.number().int().positive().default(DEFAULT_CB_SUCCESS_THRESHOLD)
+});
+var TargetConfigSchema = import_zod.z.object({
+  target_id: import_zod.z.string().min(1),
+  provider_id: import_zod.z.string().min(1),
+  profile: import_zod.z.string().optional(),
+  endpoint_id: import_zod.z.string().optional(),
+  capabilities: import_zod.z.array(import_zod.z.string()).default([]),
+  enabled: import_zod.z.boolean().default(true),
+  operator_priority: import_zod.z.number().int().default(0),
+  policy_tags: import_zod.z.array(import_zod.z.string()).default([]),
+  retry_budget: import_zod.z.number().int().positive().optional(),
+  failover_budget: import_zod.z.number().int().positive().optional(),
+  backoff: BackoffConfigSchema.optional(),
+  concurrency_limit: import_zod.z.number().int().positive().optional(),
+  circuit_breaker: CircuitBreakerConfigSchema.optional()
+});
+var SwitcherConfigSchema = import_zod.z.object({
+  targets: import_zod.z.array(TargetConfigSchema).min(1).optional(),
+  retry: import_zod.z.number().int().positive().optional(),
+  timeout: import_zod.z.number().positive().optional(),
+  retry_budget: import_zod.z.number().int().positive().default(DEFAULT_RETRY_BUDGET),
+  failover_budget: import_zod.z.number().int().positive().default(DEFAULT_FAILOVER_BUDGET),
+  backoff: BackoffConfigSchema.default({
+    base_ms: DEFAULT_BACKOFF_BASE_MS,
+    multiplier: DEFAULT_BACKOFF_MULTIPLIER,
+    max_ms: DEFAULT_BACKOFF_MAX_MS,
+    jitter: DEFAULT_BACKOFF_JITTER
+  }),
+  deployment_mode_hint: import_zod.z.enum(["plugin-only", "server-companion", "sdk-control", "auto"]).default("auto"),
+  routing_weights: RoutingWeightsSchema.default({
+    health: DEFAULT_ROUTING_WEIGHT_HEALTH,
+    latency: DEFAULT_ROUTING_WEIGHT_LATENCY,
+    failure: DEFAULT_ROUTING_WEIGHT_FAILURE,
+    priority: DEFAULT_ROUTING_WEIGHT_PRIORITY
+  }),
+  queue_limit: import_zod.z.number().int().positive().default(DEFAULT_QUEUE_LIMIT),
+  concurrency_limit: import_zod.z.number().int().positive().default(DEFAULT_GLOBAL_CONCURRENCY_LIMIT),
+  backpressure_threshold: import_zod.z.number().int().nonnegative().default(DEFAULT_BACKPRESSURE_THRESHOLD),
+  circuit_breaker: CircuitBreakerConfigSchema.default({
+    failure_threshold: DEFAULT_CB_FAILURE_THRESHOLD,
+    failure_rate_threshold: DEFAULT_CB_FAILURE_RATE_THRESHOLD,
+    sliding_window_size: DEFAULT_CB_SLIDING_WINDOW_SIZE,
+    half_open_after_ms: DEFAULT_CB_HALF_OPEN_AFTER_MS,
+    half_open_max_probes: DEFAULT_CB_HALF_OPEN_MAX_PROBES,
+    success_threshold: DEFAULT_CB_SUCCESS_THRESHOLD
+  }),
+  max_expected_latency_ms: import_zod.z.number().positive().default(DEFAULT_MAX_EXPECTED_LATENCY_MS)
+});
+
+// src/config/loader.ts
+var ConfigValidationError = class extends Error {
+  diagnostics;
+  constructor(diagnostics) {
+    const summary = diagnostics.map((d) => `  ${d.path}: ${d.message}`).join("\n");
+    super(`Invalid O-Switcher configuration:
+${summary}`);
+    this.name = "ConfigValidationError";
+    this.diagnostics = diagnostics;
+  }
+};
+var validateConfig = (raw) => {
+  const result = SwitcherConfigSchema.safeParse(raw);
+  if (result.success) {
+    const data = { ...result.data };
+    if (data.retry !== void 0 && data.retry_budget === DEFAULT_RETRY_BUDGET) {
+      data.retry_budget = data.retry;
+    }
+    if (data.timeout !== void 0 && data.max_expected_latency_ms === DEFAULT_MAX_EXPECTED_LATENCY_MS) {
+      data.max_expected_latency_ms = data.timeout;
+    }
+    if (data.targets !== void 0) {
+      const seen = /* @__PURE__ */ new Set();
+      const duplicateDiagnostics = [];
+      for (const target of data.targets) {
+        const key = `${target.provider_id}::${target.profile ?? "__default__"}`;
+        if (seen.has(key)) {
+          duplicateDiagnostics.push({
+            path: "targets",
+            message: `Duplicate provider_id + profile combination: ${key}`,
+            received: key
+          });
+        }
+        seen.add(key);
+      }
+      if (duplicateDiagnostics.length > 0) {
+        throw new ConfigValidationError(duplicateDiagnostics);
+      }
+    }
+    return Object.freeze(data);
+  }
+  const diagnostics = result.error.issues.map(
+    (issue) => ({
+      path: issue.path.join("."),
+      message: issue.message,
+      received: "expected" in issue ? issue.expected : void 0
+    })
+  );
+  throw new ConfigValidationError(diagnostics);
+};
+
+// src/config/discovery.ts
+var discoverTargets = (providerConfig) => {
+  const targets = [];
+  for (const [key, value] of Object.entries(providerConfig)) {
+    if (!value) continue;
+    const raw = {
+      target_id: key,
+      provider_id: value.id ?? key,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+var discoverTargetsFromProfiles = (store) => {
+  const targets = [];
+  for (const entry of Object.values(store)) {
+    if (!entry) continue;
+    const raw = {
+      target_id: entry.id,
+      provider_id: entry.provider,
+      profile: entry.id,
+      capabilities: ["chat"],
+      enabled: true,
+      operator_priority: 0,
+      policy_tags: []
+    };
+    const parsed = TargetConfigSchema.parse(raw);
+    targets.push(parsed);
+  }
+  return targets;
+};
+
+// src/registry/health.ts
+var INITIAL_HEALTH_SCORE = 1;
+var DEFAULT_ALPHA = 0.1;
+var updateHealthScore = (currentScore, observation, alpha = DEFAULT_ALPHA) => alpha * observation + (1 - alpha) * currentScore;
+var updateLatencyEma = (currentEma, observedMs, alpha = DEFAULT_ALPHA) => alpha * observedMs + (1 - alpha) * currentEma;
+
+// src/registry/registry.ts
+var TargetRegistry = class {
+  targets;
+  constructor(config) {
+    this.targets = new Map(
+      (config.targets ?? []).map((t) => [
+        t.target_id,
+        {
+          target_id: t.target_id,
+          provider_id: t.provider_id,
+          profile: t.profile,
+          endpoint_id: t.endpoint_id,
+          capabilities: [...t.capabilities],
+          enabled: t.enabled,
+          state: "Active",
+          health_score: INITIAL_HEALTH_SCORE,
+          cooldown_until: null,
+          latency_ema_ms: 0,
+          failure_score: 0,
+          operator_priority: t.operator_priority,
+          policy_tags: [...t.policy_tags]
+        }
+      ])
+    );
+  }
+  /** Returns the target entry for the given id, or undefined if not found. */
+  getTarget(id) {
+    return this.targets.get(id);
+  }
+  /** Returns a readonly array of all target entries. */
+  getAllTargets() {
+    return [...this.targets.values()];
+  }
+  /**
+   * Updates the state of a target.
+   * @returns true if the target was found and updated, false otherwise.
+   */
+  updateState(id, newState) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return false;
+    }
+    this.targets.set(id, { ...target, state: newState });
+    return true;
+  }
+  /**
+   * Records a success (1) or failure (0) observation for a target.
+   * Updates health_score via EMA.
+   */
+  recordObservation(id, observation) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newHealthScore = updateHealthScore(
+      target.health_score,
+      observation
+    );
+    this.targets.set(id, { ...target, health_score: newHealthScore });
+  }
+  /** Sets the cooldown_until timestamp for a target. */
+  setCooldown(id, untilMs) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    this.targets.set(id, { ...target, cooldown_until: untilMs });
+  }
+  /** Updates the latency EMA for a target. */
+  updateLatency(id, ms) {
+    const target = this.targets.get(id);
+    if (!target) {
+      return;
+    }
+    const newLatency = updateLatencyEma(target.latency_ema_ms, ms);
+    this.targets.set(id, { ...target, latency_ema_ms: newLatency });
+  }
+  /**
+   * Adds a new target entry to the registry.
+   * @returns true if added, false if target_id already exists.
+   */
+  addTarget(entry) {
+    if (this.targets.has(entry.target_id)) {
+      return false;
+    }
+    this.targets.set(entry.target_id, entry);
+    return true;
+  }
+  /**
+   * Removes a target entry from the registry.
+   * @returns true if found and removed, false if not found.
+   */
+  removeTarget(id) {
+    return this.targets.delete(id);
+  }
+  /** Returns a deep-frozen snapshot of all targets. */
+  getSnapshot() {
+    const snapshot = {
+      targets: [...this.targets.values()].map((t) => ({ ...t }))
+    };
+    return Object.freeze(snapshot);
+  }
+};
+var createRegistry = (config) => new TargetRegistry(config);
+
+// src/registry/types.ts
+var TARGET_STATES = [
+  "Active",
+  "CoolingDown",
+  "ReauthRequired",
+  "PolicyBlocked",
+  "CircuitOpen",
+  "CircuitHalfOpen",
+  "Draining",
+  "Disabled"
+];
+
+// src/mode/detection.ts
+var detectDeploymentMode = (hint) => {
+  if (hint !== "auto") {
+    return hint;
+  }
+  return "plugin-only";
+};
+var getSignalFidelity = (mode) => {
+  if (mode === "plugin-only") {
+    return "heuristic";
+  }
+  return "direct";
+};
+var getModeCapabilities = (mode) => {
+  if (mode === "plugin-only") {
+    return {
+      mode,
+      signalFidelity: "heuristic",
+      hasHttpStatus: false,
+      hasRetryAfterHeader: false,
+      hasOperatorApi: false
+    };
+  }
+  return {
+    mode,
+    signalFidelity: "direct",
+    hasHttpStatus: true,
+    hasRetryAfterHeader: true,
+    hasOperatorApi: true
+  };
+};
+
+// src/audit/logger.ts
+var import_pino = __toESM(require("pino"), 1);
+var import_node_crypto = __toESM(require("crypto"), 1);
+var REDACT_PATHS = [
+  "api_key",
+  "token",
+  "secret",
+  "password",
+  "authorization",
+  "credential",
+  "credentials",
+  "*.api_key",
+  "*.token",
+  "*.secret",
+  "*.password",
+  "*.authorization",
+  "*.credential",
+  "*.credentials"
+];
+var createAuditLogger = (options) => {
+  const opts = {
+    level: options?.level ?? "info",
+    redact: {
+      paths: [...REDACT_PATHS],
+      censor: "[Redacted]"
+    }
+  };
+  if (options?.destination) {
+    return (0, import_pino.default)(opts, options.destination);
+  }
+  return (0, import_pino.default)(opts);
+};
+var createRequestLogger = (baseLogger, requestId) => baseLogger.child({ request_id: requestId });
+var generateCorrelationId = () => import_node_crypto.default.randomUUID();
+
+// src/errors/taxonomy.ts
+var import_zod2 = require("zod");
+var RateLimitedSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("RateLimited"),
+  retryable: import_zod2.z.literal(true),
+  retry_after_ms: import_zod2.z.number().optional(),
+  provider_reason: import_zod2.z.string().optional()
+});
+var QuotaExhaustedSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("QuotaExhausted"),
+  retryable: import_zod2.z.literal(false),
+  provider_reason: import_zod2.z.string().optional()
+});
+var AuthFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("AuthFailure"),
+  retryable: import_zod2.z.literal(false),
+  recovery_attempted: import_zod2.z.boolean().default(false)
+});
+var PermissionFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("PermissionFailure"),
+  retryable: import_zod2.z.literal(false)
+});
+var PolicyFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("PolicyFailure"),
+  retryable: import_zod2.z.literal(false)
+});
+var RegionRestrictionSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("RegionRestriction"),
+  retryable: import_zod2.z.literal(false)
+});
+var ModelUnavailableSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("ModelUnavailable"),
+  retryable: import_zod2.z.literal(false),
+  failover_eligible: import_zod2.z.literal(true)
+});
+var TransientServerFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("TransientServerFailure"),
+  retryable: import_zod2.z.literal(true),
+  http_status: import_zod2.z.number().optional()
+});
+var TransportFailureSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("TransportFailure"),
+  retryable: import_zod2.z.literal(true)
+});
+var InterruptedExecutionSchema = import_zod2.z.object({
+  class: import_zod2.z.literal("InterruptedExecution"),
+  retryable: import_zod2.z.literal(true),
+  partial_output_bytes: import_zod2.z.number().optional()
+});
+var ErrorClassSchema = import_zod2.z.discriminatedUnion("class", [
+  RateLimitedSchema,
+  QuotaExhaustedSchema,
+  AuthFailureSchema,
+  PermissionFailureSchema,
+  PolicyFailureSchema,
+  RegionRestrictionSchema,
+  ModelUnavailableSchema,
+  TransientServerFailureSchema,
+  TransportFailureSchema,
+  InterruptedExecutionSchema
+]);
+var isRetryable = (errorClass) => errorClass.retryable;
+var getTargetStateTransition = (errorClass) => {
+  switch (errorClass.class) {
+    case "RateLimited":
+      return "CoolingDown";
+    case "QuotaExhausted":
+      return "Disabled";
+    case "AuthFailure":
+      return "ReauthRequired";
+    case "PermissionFailure":
+      return "PolicyBlocked";
+    case "PolicyFailure":
+      return "PolicyBlocked";
+    case "RegionRestriction":
+      return "Disabled";
+    case "ModelUnavailable":
+      return null;
+    case "TransientServerFailure":
+      return null;
+    case "TransportFailure":
+      return null;
+    case "InterruptedExecution":
+      return null;
+  }
+};
+
+// src/errors/corpus.ts
+var PROVIDER_PATTERNS = [
+  // Anthropic
+  { provider: "anthropic", http_status: 400, error_type_field: "error.type", error_type_value: "invalid_request_error", error_class: "PolicyFailure" },
+  { provider: "anthropic", http_status: 401, error_type_field: "error.type", error_type_value: "authentication_error", error_class: "AuthFailure" },
+  { provider: "anthropic", http_status: 402, error_type_field: "error.type", error_type_value: "billing_error", error_class: "QuotaExhausted" },
+  { provider: "anthropic", http_status: 403, error_type_field: "error.type", error_type_value: "permission_error", error_class: "PermissionFailure" },
+  { provider: "anthropic", http_status: 404, error_type_field: "error.type", error_type_value: "not_found_error", error_class: "ModelUnavailable" },
+  { provider: "anthropic", http_status: 429, error_type_field: "error.type", error_type_value: "rate_limit_error", error_class: "RateLimited" },
+  { provider: "anthropic", http_status: 500, error_type_field: "error.type", error_type_value: "api_error", error_class: "TransientServerFailure" },
+  { provider: "anthropic", http_status: 504, error_type_field: "error.type", error_type_value: "timeout_error", error_class: "TransportFailure" },
+  { provider: "anthropic", http_status: 529, error_type_field: "error.type", error_type_value: "overloaded_error", error_class: "RateLimited", notes: "Server capacity exhaustion; backoff on same provider, do NOT failover" },
+  // OpenAI
+  { provider: "openai", http_status: 400, error_type_field: "error.code", error_type_value: "", error_class: "PolicyFailure" },
+  { provider: "openai", http_status: 401, error_type_field: "error.code", error_type_value: "invalid_api_key", error_class: "AuthFailure" },
+  { provider: "openai", http_status: 403, error_type_field: "error.code", error_type_value: "", error_class: "PermissionFailure" },
+  { provider: "openai", http_status: 429, error_type_field: "error.code", error_type_value: "rate_limit_exceeded", error_class: "RateLimited" },
+  { provider: "openai", http_status: 429, error_type_field: "error.code", error_type_value: "insufficient_quota", error_class: "QuotaExhausted", notes: "Billing exhausted -- NOT retryable" },
+  { provider: "openai", http_status: 500, error_type_field: "error.code", error_type_value: "", error_class: "TransientServerFailure" },
+  { provider: "openai", http_status: 503, error_type_field: "error.code", error_type_value: "", error_class: "TransientServerFailure" },
+  // Google Vertex AI / Gemini
+  { provider: "google", http_status: 400, error_type_field: "error.status", error_type_value: "INVALID_ARGUMENT", error_class: "PolicyFailure" },
+  { provider: "google", http_status: 403, error_type_field: "error.status", error_type_value: "PERMISSION_DENIED", error_class: "PermissionFailure" },
+  { provider: "google", http_status: 429, error_type_field: "error.status", error_type_value: "RESOURCE_EXHAUSTED", error_class: "RateLimited" },
+  { provider: "google", http_status: 500, error_type_field: "error.status", error_type_value: "INTERNAL", error_class: "TransientServerFailure" },
+  { provider: "google", http_status: 503, error_type_field: "error.status", error_type_value: "UNAVAILABLE", error_class: "TransientServerFailure" },
+  // AWS Bedrock
+  { provider: "bedrock", http_status: 429, error_type_field: "__type", error_type_value: "ThrottlingException", error_class: "RateLimited" },
+  { provider: "bedrock", http_status: 408, error_type_field: "__type", error_type_value: "ModelTimeoutException", error_class: "TransportFailure" },
+  { provider: "bedrock", http_status: 424, error_type_field: "__type", error_type_value: "ModelNotReadyException", error_class: "ModelUnavailable" },
+  { provider: "bedrock", http_status: 403, error_type_field: "__type", error_type_value: "AccessDeniedException", error_class: "PermissionFailure" },
+  { provider: "bedrock", http_status: 400, error_type_field: "__type", error_type_value: "ValidationException", error_class: "PolicyFailure" },
+  { provider: "bedrock", http_status: 500, error_type_field: "__type", error_type_value: "InternalServerException", error_class: "TransientServerFailure" }
+];
+var HEURISTIC_PATTERNS = [
+  // Transport errors (high confidence -- these are unambiguous)
+  { pattern: /ECONNREFUSED|ECONNRESET|ETIMEDOUT/, error_class: "TransportFailure", confidence: "high" },
+  // Quota patterns (before rate limit to avoid misclassification -- Pitfall 2/3)
+  { pattern: /quota\s*(?:exceeded|exhausted)/i, error_class: "QuotaExhausted", confidence: "medium" },
+  { pattern: /insufficient\s*quota/i, error_class: "QuotaExhausted", confidence: "medium", provider: "openai" },
+  { pattern: /billing/i, error_class: "QuotaExhausted", confidence: "low", provider: "openai" },
+  // Rate limit patterns
+  { pattern: /rate\s*limit/i, error_class: "RateLimited", confidence: "medium" },
+  { pattern: /too many requests/i, error_class: "RateLimited", confidence: "medium" },
+  { pattern: /retry\s*after/i, error_class: "RateLimited", confidence: "medium" },
+  { pattern: /overloaded/i, error_class: "RateLimited", confidence: "medium", provider: "anthropic" },
+  { pattern: /resource\s*exhausted/i, error_class: "RateLimited", confidence: "medium", provider: "google" },
+  // Auth patterns
+  { pattern: /authentication/i, error_class: "AuthFailure", confidence: "medium" },
+  { pattern: /invalid\s*api\s*key/i, error_class: "AuthFailure", confidence: "medium" },
+  { pattern: /unauthorized/i, error_class: "AuthFailure", confidence: "medium" },
+  // Permission patterns
+  { pattern: /permission\s*denied/i, error_class: "PermissionFailure", confidence: "medium" },
+  { pattern: /forbidden/i, error_class: "PermissionFailure", confidence: "low" },
+  // Model availability patterns
+  { pattern: /model\s*not\s*(?:available|ready|found)/i, error_class: "ModelUnavailable", confidence: "medium" },
+  { pattern: /not\s*found/i, error_class: "ModelUnavailable", confidence: "low" },
+  // Transport patterns (lower confidence than ECONNREFUSED)
+  { pattern: /timeout/i, error_class: "TransportFailure", confidence: "low" },
+  // Region restriction (requires both keywords)
+  { pattern: /region.*restrict|restrict.*region/i, error_class: "RegionRestriction", confidence: "low" }
+];
+var TEMPORAL_QUOTA_PATTERN = /too many tokens per (?:day|month|hour|week)/i;
+
+// src/errors/classifier.ts
+var buildErrorClass = (className, extras) => {
+  switch (className) {
+    case "RateLimited":
+      return {
+        class: "RateLimited",
+        retryable: true,
+        retry_after_ms: extras?.retry_after_ms,
+        provider_reason: extras?.provider_reason
+      };
+    case "QuotaExhausted":
+      return {
+        class: "QuotaExhausted",
+        retryable: false,
+        provider_reason: extras?.provider_reason
+      };
+    case "AuthFailure":
+      return { class: "AuthFailure", retryable: false, recovery_attempted: false };
+    case "PermissionFailure":
+      return { class: "PermissionFailure", retryable: false };
+    case "PolicyFailure":
+      return { class: "PolicyFailure", retryable: false };
+    case "RegionRestriction":
+      return { class: "RegionRestriction", retryable: false };
+    case "ModelUnavailable":
+      return { class: "ModelUnavailable", retryable: false, failover_eligible: true };
+    case "TransientServerFailure":
+      return {
+        class: "TransientServerFailure",
+        retryable: true,
+        http_status: extras?.http_status
+      };
+    case "TransportFailure":
+      return { class: "TransportFailure", retryable: true };
+    case "InterruptedExecution":
+      return { class: "InterruptedExecution", retryable: true };
+    default:
+      return { class: "TransientServerFailure", retryable: true, http_status: extras?.http_status };
+  }
+};
+var extractErrorTypeFromBody = (body) => {
+  if (typeof body !== "object" || body === null) return void 0;
+  const b = body;
+  const errorObj = b.error;
+  if (typeof errorObj === "object" && errorObj !== null) {
+    if (typeof errorObj.type === "string") return errorObj.type;
+    if (typeof errorObj.code === "string") return errorObj.code;
+    if (typeof errorObj.status === "string") return errorObj.status;
+  }
+  if (typeof b.__type === "string") return b.__type;
+  return void 0;
+};
+var classifyDirect = (signal) => {
+  const status = signal.http_status;
+  const errorType = signal.error_type ?? extractErrorTypeFromBody(signal.response_body);
+  const errorMessage = signal.error_message ?? "";
+  if (status === 429 && TEMPORAL_QUOTA_PATTERN.test(errorMessage)) {
+    return {
+      error_class: buildErrorClass("QuotaExhausted"),
+      detection_mode: "direct",
+      confidence: "high",
+      raw_signal: signal
+    };
+  }
+  if (status === 429 && errorType === "insufficient_quota") {
+    return {
+      error_class: buildErrorClass("QuotaExhausted"),
+      detection_mode: "direct",
+      confidence: "high",
+      raw_signal: signal
+    };
+  }
+  if (status === 529 && errorType === "overloaded_error") {
+    return {
+      error_class: buildErrorClass("RateLimited", {
+        retry_after_ms: signal.retry_after_ms,
+        provider_reason: "server_capacity_exhaustion"
+      }),
+      detection_mode: "direct",
+      confidence: "high",
+      raw_signal: signal
+    };
+  }
+  if (errorType) {
+    const match = PROVIDER_PATTERNS.find(
+      (p) => p.http_status === status && p.error_type_value === errorType
+    );
+    if (match) {
+      return {
+        error_class: buildErrorClass(match.error_class, {
+          retry_after_ms: signal.retry_after_ms,
+          http_status: status
+        }),
+        detection_mode: "direct",
+        confidence: "high",
+        raw_signal: signal
+      };
+    }
+  }
+  if (errorType === "ThrottlingException" && TEMPORAL_QUOTA_PATTERN.test(errorMessage)) {
+    return {
+      error_class: buildErrorClass("QuotaExhausted"),
+      detection_mode: "direct",
+      confidence: "high",
+      raw_signal: signal
+    };
+  }
+  const fallbackClass = getClassFromStatus(status);
+  return {
+    error_class: buildErrorClass(fallbackClass, {
+      retry_after_ms: signal.retry_after_ms,
+      http_status: status
+    }),
+    detection_mode: "direct",
+    confidence: "high",
+    raw_signal: signal
+  };
+};
+var getClassFromStatus = (status) => {
+  if (status === 400) return "PolicyFailure";
+  if (status === 401) return "AuthFailure";
+  if (status === 402) return "QuotaExhausted";
+  if (status === 403) return "PermissionFailure";
+  if (status === 404) return "ModelUnavailable";
+  if (status === 408) return "TransportFailure";
+  if (status === 429) return "RateLimited";
+  if (status >= 500) return "TransientServerFailure";
+  return "TransientServerFailure";
+};
+var classifyHeuristic = (signal) => {
+  const message = signal.error_message ?? "";
+  if (TEMPORAL_QUOTA_PATTERN.test(message)) {
+    return {
+      error_class: buildErrorClass("QuotaExhausted"),
+      detection_mode: "heuristic",
+      confidence: "medium",
+      raw_signal: signal
+    };
+  }
+  for (const hp of HEURISTIC_PATTERNS) {
+    if (hp.pattern.test(message)) {
+      return {
+        error_class: buildErrorClass(hp.error_class),
+        detection_mode: "heuristic",
+        confidence: hp.confidence,
+        raw_signal: signal
+      };
+    }
+  }
+  return {
+    error_class: buildErrorClass("TransientServerFailure"),
+    detection_mode: "heuristic",
+    confidence: "low",
+    raw_signal: signal
+  };
+};
+var classify = (signal) => {
+  if (signal.http_status !== void 0) {
+    return classifyDirect(signal);
+  }
+  return classifyHeuristic(signal);
+};
+
+// src/errors/direct-adapter.ts
+var extractErrorType = (body) => {
+  if (typeof body !== "object" || body === null) {
+    return void 0;
+  }
+  const b = body;
+  const errorObj = b.error;
+  if (typeof errorObj === "object" && errorObj !== null) {
+    if (typeof errorObj.type === "string") return errorObj.type;
+    if (typeof errorObj.code === "string") return errorObj.code;
+    if (typeof errorObj.status === "string") return errorObj.status;
+  }
+  if (typeof b.__type === "string") return b.__type;
+  return void 0;
+};
+var extractErrorMessage = (body) => {
+  if (typeof body !== "object" || body === null) {
+    return void 0;
+  }
+  const b = body;
+  const errorObj = b.error;
+  if (typeof errorObj === "object" && errorObj !== null) {
+    if (typeof errorObj.message === "string") return errorObj.message;
+  }
+  if (typeof b.message === "string") return b.message;
+  return void 0;
+};
+var extractRetryAfterMs = (headers) => {
+  if (!headers) return void 0;
+  const value = headers["retry-after"] ?? headers["Retry-After"];
+  if (!value) return void 0;
+  const seconds = Number(value);
+  if (Number.isNaN(seconds) || seconds < 0) return void 0;
+  return seconds * 1e3;
+};
+var directSignalFromResponse = (status, body, headers) => ({
+  http_status: status,
+  error_type: extractErrorType(body),
+  error_message: extractErrorMessage(body),
+  response_body: body,
+  detection_mode: "direct",
+  retry_after_ms: extractRetryAfterMs(headers)
+});
+
+// src/errors/heuristic-adapter.ts
+var heuristicSignalFromEvent = (eventType, message, providerId) => ({
+  error_type: eventType,
+  error_message: message,
+  detection_mode: "heuristic",
+  provider_id: providerId
+});
+
+// src/retry/backoff.ts
+var DEFAULT_BACKOFF_PARAMS = {
+  base_ms: 1e3,
+  multiplier: 2,
+  max_ms: 3e4,
+  jitter: "full"
+};
+var computeBackoffMs = (attempt, params, retryAfterMs) => {
+  const rawDelay = Math.min(
+    params.base_ms * Math.pow(params.multiplier, attempt),
+    params.max_ms
+  );
+  const jitteredDelay = params.jitter === "full" ? Math.random() * rawDelay : params.jitter === "equal" ? rawDelay / 2 + Math.random() * (rawDelay / 2) : rawDelay;
+  return Math.max(jitteredDelay, retryAfterMs ?? 0);
+};
+
+// src/retry/retry-policy.ts
+var createRetryPolicy = (budget, backoffParams = DEFAULT_BACKOFF_PARAMS) => ({
+  budget,
+  backoffParams,
+  decide: (classification, attemptsSoFar) => {
+    const errorClass = classification.error_class;
+    if (!isRetryable(errorClass)) {
+      return {
+        action: "abort",
+        reason: `Non-retryable: ${errorClass.class}`,
+        target_state: getTargetStateTransition(errorClass)
+      };
+    }
+    if (attemptsSoFar >= budget) {
+      return {
+        action: "exhausted",
+        attempts_used: attemptsSoFar
+      };
+    }
+    const retryAfterMs = errorClass.class === "RateLimited" ? errorClass.retry_after_ms : void 0;
+    const delayMs = computeBackoffMs(attemptsSoFar, backoffParams, retryAfterMs);
+    return {
+      action: "retry",
+      delay_ms: delayMs,
+      attempt: attemptsSoFar + 1
+    };
+  }
+});
+
+// src/routing/types.ts
+var EXCLUSION_REASONS = [
+  "disabled",
+  "policy_blocked",
+  "reauth_required",
+  "cooldown_active",
+  "circuit_open",
+  "capability_mismatch",
+  "draining"
+];
+var ADMISSION_RESULTS = [
+  "admitted",
+  "queued",
+  "degraded",
+  "rejected"
+];
+
+// src/routing/events.ts
+var import_eventemitter3 = require("eventemitter3");
+var createRoutingEventBus = () => new import_eventemitter3.EventEmitter();
+
+// src/routing/dual-breaker.ts
+var import_cockatiel = require("cockatiel");
+var DualBreaker = class {
+  consecutive;
+  count;
+  constructor(consecutiveThreshold, countOpts) {
+    this.consecutive = new import_cockatiel.ConsecutiveBreaker(consecutiveThreshold);
+    this.count = new import_cockatiel.CountBreaker(countOpts);
+  }
+  /** Serializable state for both internal breakers. */
+  get state() {
+    return {
+      consecutive: this.consecutive.state,
+      count: this.count.state
+    };
+  }
+  /** Restore state for both internal breakers. */
+  set state(value) {
+    const v = value;
+    this.consecutive.state = v.consecutive;
+    this.count.state = v.count;
+  }
+  /**
+   * Record success on both breakers.
+   * ConsecutiveBreaker.success() takes no args (resets counter).
+   * CountBreaker.success() takes CircuitState.
+   */
+  success(state) {
+    this.consecutive.success();
+    this.count.success(state);
+  }
+  /**
+   * Record failure on both breakers.
+   * Returns true if EITHER breaker trips (OR logic).
+   * ConsecutiveBreaker.failure() takes no args.
+   * CountBreaker.failure() takes CircuitState.
+   */
+  failure(state) {
+    const consecutiveTripped = this.consecutive.failure();
+    const countTripped = this.count.failure(state);
+    return consecutiveTripped || countTripped;
+  }
+};
+
+// src/routing/circuit-breaker.ts
+var import_cockatiel2 = require("cockatiel");
+var import_eventemitter32 = require("eventemitter3");
+var COCKATIEL_TO_TARGET = /* @__PURE__ */ new Map([
+  [import_cockatiel2.CircuitState.Closed, "Active"],
+  [import_cockatiel2.CircuitState.Open, "CircuitOpen"],
+  [import_cockatiel2.CircuitState.HalfOpen, "CircuitHalfOpen"],
+  [import_cockatiel2.CircuitState.Isolated, "Disabled"]
+]);
+var toTargetState = (state) => COCKATIEL_TO_TARGET.get(state) ?? "Disabled";
+var createCircuitBreaker = (targetId, config, eventBus) => {
+  const createPolicy = () => {
+    const breaker = new DualBreaker(config.failure_threshold, {
+      threshold: config.failure_rate_threshold,
+      size: config.sliding_window_size
+    });
+    const policy = (0, import_cockatiel2.circuitBreaker)(import_cockatiel2.handleAll, {
+      halfOpenAfter: config.half_open_after_ms,
+      breaker
+    });
+    return { policy, breaker };
+  };
+  let current = createPolicy();
+  let previousState = import_cockatiel2.CircuitState.Closed;
+  let openedAtMs = 0;
+  const subscribeEvents = (policy) => {
+    policy.onStateChange((newState) => {
+      if (newState === import_cockatiel2.CircuitState.Open) {
+        openedAtMs = Date.now();
+      }
+      const from = toTargetState(previousState);
+      const to = toTargetState(newState);
+      previousState = newState;
+      if (from !== to && eventBus) {
+        eventBus.emit("circuit_state_change", {
+          target_id: targetId,
+          from,
+          to,
+          reason: `state_transition`
+        });
+      }
+    });
+  };
+  subscribeEvents(current.policy);
+  const effectiveState = () => {
+    const raw = current.policy.state;
+    if (raw === import_cockatiel2.CircuitState.Open && openedAtMs > 0 && Date.now() - openedAtMs >= config.half_open_after_ms) {
+      return import_cockatiel2.CircuitState.HalfOpen;
+    }
+    return raw;
+  };
+  return {
+    state() {
+      return toTargetState(effectiveState());
+    },
+    async recordSuccess() {
+      try {
+        await current.policy.execute(async () => void 0);
+      } catch (err) {
+        if (err instanceof import_cockatiel2.BrokenCircuitError || err instanceof import_cockatiel2.IsolatedCircuitError) {
+          return;
+        }
+        throw err;
+      }
+    },
+    async recordFailure() {
+      try {
+        await current.policy.execute(async () => {
+          throw new Error("recorded-failure");
+        });
+      } catch {
+      }
+    },
+    allowRequest() {
+      return effectiveState() !== import_cockatiel2.CircuitState.Open;
+    },
+    reset() {
+      current = createPolicy();
+      previousState = import_cockatiel2.CircuitState.Closed;
+      openedAtMs = 0;
+      subscribeEvents(current.policy);
+    }
+  };
+};
+
+// src/routing/concurrency-tracker.ts
+var createConcurrencyTracker = (defaultLimit) => {
+  const state = /* @__PURE__ */ new Map();
+  const getOrCreate = (target_id) => {
+    const existing = state.get(target_id);
+    if (existing) return existing;
+    const entry = { active: 0, limit: defaultLimit };
+    state.set(target_id, entry);
+    return entry;
+  };
+  return {
+    acquire(target_id) {
+      const entry = getOrCreate(target_id);
+      if (entry.active >= entry.limit) return false;
+      entry.active += 1;
+      return true;
+    },
+    release(target_id) {
+      const entry = state.get(target_id);
+      if (!entry || entry.active <= 0) return;
+      entry.active -= 1;
+    },
+    headroom(target_id) {
+      const entry = getOrCreate(target_id);
+      return Math.max(0, entry.limit - entry.active);
+    },
+    active(target_id) {
+      const entry = state.get(target_id);
+      return entry ? entry.active : 0;
+    },
+    setLimit(target_id, limit) {
+      const entry = getOrCreate(target_id);
+      entry.limit = limit;
+    }
+  };
+};
+
+// src/routing/policy-engine.ts
+var normalizeLatency = (latencyEmaMs, maxExpectedMs) => Math.min(latencyEmaMs / maxExpectedMs, 1);
+var computeScore = (target, weights, maxLatencyMs) => weights.health * target.health_score - weights.latency * normalizeLatency(target.latency_ema_ms, maxLatencyMs) - weights.failure * target.failure_score + weights.priority * target.operator_priority;
+var getExclusionReason = (target, circuitBreakers, requiredCapabilities, excludeTargets, nowMs) => {
+  if (!target.enabled) {
+    return "disabled";
+  }
+  if (target.state === "PolicyBlocked") {
+    return "policy_blocked";
+  }
+  if (target.state === "ReauthRequired") {
+    return "reauth_required";
+  }
+  if (target.state === "Draining") {
+    return "draining";
+  }
+  if (target.state === "Disabled") {
+    return "disabled";
+  }
+  const breaker = circuitBreakers.get(target.target_id);
+  if (breaker !== void 0 && !breaker.allowRequest()) {
+    return "circuit_open";
+  }
+  if (target.cooldown_until !== null && target.cooldown_until > nowMs) {
+    return "cooldown_active";
+  }
+  if (requiredCapabilities.length > 0 && !requiredCapabilities.every((cap) => target.capabilities.includes(cap))) {
+    return "capability_mismatch";
+  }
+  return null;
+};
+var selectTarget = (snapshot, circuitBreakers, requiredCapabilities, weights, maxLatencyMs, nowMs, request_id, excludeTargets, logger) => {
+  const excluded = [];
+  const eligible = [];
+  for (const target of snapshot.targets) {
+    if (excludeTargets !== void 0 && excludeTargets.has(target.target_id)) {
+      continue;
+    }
+    const reason = getExclusionReason(
+      target,
+      circuitBreakers,
+      requiredCapabilities,
+      excludeTargets ?? /* @__PURE__ */ new Set(),
+      nowMs
+    );
+    if (reason !== null) {
+      excluded.push({ target_id: target.target_id, reason });
+    } else {
+      eligible.push(target);
+    }
+  }
+  const scored = eligible.map((target) => ({
+    target,
+    score: computeScore(target, weights, maxLatencyMs)
+  }));
+  scored.sort((a, b) => {
+    const scoreDiff = b.score - a.score;
+    if (scoreDiff !== 0) {
+      return scoreDiff;
+    }
+    return a.target.target_id.localeCompare(b.target.target_id);
+  });
+  const candidates = scored.map((s) => ({
+    target_id: s.target.target_id,
+    score: s.score,
+    health_score: s.target.health_score,
+    latency_ema_ms: s.target.latency_ema_ms
+  }));
+  const firstCandidate = candidates.length > 0 ? candidates[0] : void 0;
+  const selected = firstCandidate !== void 0 ? {
+    target_id: firstCandidate.target_id,
+    score: firstCandidate.score,
+    rank: 0
+  } : null;
+  const record = {
+    request_id,
+    timestamp_ms: nowMs,
+    candidates,
+    excluded,
+    selected
+  };
+  if (logger !== void 0) {
+    const excludedSummary = {};
+    for (const e of excluded) {
+      excludedSummary[e.reason] = (excludedSummary[e.reason] ?? 0) + 1;
+    }
+    const logFields = {
+      event: "target_selected",
+      component: "policy-engine",
+      request_id,
+      selected: selected?.target_id ?? null,
+      score: selected?.score ?? null,
+      candidates_count: candidates.length,
+      excluded_count: excluded.length,
+      excluded_summary: excludedSummary
+    };
+    if (selected !== null) {
+      logger.info(logFields, "Target selected");
+    } else {
+      logger.warn(logFields, "No eligible target");
+    }
+  }
+  return record;
+};
+
+// src/routing/cooldown.ts
+var DEFAULT_COOLDOWN_BASE_MS = 5e3;
+var computeCooldownMs = (errorClass, consecutiveFailures, backoffParams, maxMs) => {
+  const noJitterParams = {
+    ...backoffParams,
+    jitter: "none"
+  };
+  let base;
+  if (errorClass.class === "RateLimited" && "retry_after_ms" in errorClass && errorClass.retry_after_ms !== void 0) {
+    base = Math.min(errorClass.retry_after_ms, maxMs);
+  } else if (errorClass.class === "RateLimited") {
+    base = computeBackoffMs(consecutiveFailures, noJitterParams);
+  } else if (errorClass.class === "TransientServerFailure") {
+    base = computeBackoffMs(consecutiveFailures, noJitterParams) / 2;
+  } else {
+    base = DEFAULT_COOLDOWN_BASE_MS;
+  }
+  base = Math.min(base, maxMs);
+  const jitterFraction = 0.1 + Math.random() * 0.15;
+  const jitter = jitterFraction * base;
+  return Math.min(base + jitter, maxMs);
+};
+var createCooldownManager = (registry, eventBus) => ({
+  setCooldown(target_id, durationMs, errorClass) {
+    const untilMs = Date.now() + durationMs;
+    registry.setCooldown(target_id, untilMs);
+    registry.updateState(target_id, "CoolingDown");
+    eventBus?.emit("cooldown_set", {
+      target_id,
+      until_ms: untilMs,
+      error_class: errorClass
+    });
+  },
+  checkExpired(nowMs) {
+    const expired = [];
+    for (const target of registry.getAllTargets()) {
+      if (target.state === "CoolingDown" && target.cooldown_until !== null && target.cooldown_until <= nowMs) {
+        registry.setCooldown(target.target_id, 0);
+        registry.updateState(target.target_id, "Active");
+        eventBus?.emit("cooldown_expired", { target_id: target.target_id });
+        expired.push(target.target_id);
+      }
+    }
+    return expired;
+  },
+  isInCooldown(target_id, nowMs) {
+    const target = registry.getTarget(target_id);
+    if (!target) {
+      return false;
+    }
+    return target.cooldown_until !== null && target.cooldown_until > nowMs;
+  }
+});
+
+// src/routing/admission.ts
+var import_p_queue = __toESM(require("p-queue"), 1);
+var checkHardRejects = (ctx) => {
+  if (!ctx.hasEligibleTargets) {
+    return { result: "rejected", reason: "no eligible targets available" };
+  }
+  if (ctx.operatorPaused) {
+    return { result: "rejected", reason: "operator pause active" };
+  }
+  if (ctx.retryBudgetRemaining <= 0) {
+    return { result: "rejected", reason: "retry budget exhausted" };
+  }
+  if (ctx.failoverBudgetRemaining <= 0) {
+    return { result: "rejected", reason: "failover budget exhausted" };
+  }
+  return null;
+};
+var createAdmissionController = (config, eventBus) => {
+  const queue = new import_p_queue.default({
+    concurrency: config.concurrencyLimit
+  });
+  const emitDecision = (request_id, decision) => {
+    eventBus?.emit("admission_decision", {
+      request_id,
+      result: decision.result,
+      reason: decision.reason
+    });
+  };
+  const controller = {
+    async admit(request_id, ctx) {
+      const hardReject = checkHardRejects(ctx);
+      if (hardReject) {
+        emitDecision(request_id, hardReject);
+        return hardReject;
+      }
+      if (queue.size > config.backpressureThreshold) {
+        const decision2 = {
+          result: "degraded",
+          reason: `backpressure: ${queue.size} queued > ${config.backpressureThreshold} threshold`
+        };
+        emitDecision(request_id, decision2);
+        return decision2;
+      }
+      const total = queue.size + queue.pending;
+      if (total >= config.queueLimit + config.concurrencyLimit) {
+        const decision2 = {
+          result: "rejected",
+          reason: `queue full: ${total} >= ${config.queueLimit + config.concurrencyLimit}`
+        };
+        emitDecision(request_id, decision2);
+        return decision2;
+      }
+      const decision = {
+        result: "admitted",
+        reason: "capacity available"
+      };
+      emitDecision(request_id, decision);
+      return decision;
+    },
+    async execute(fn, request_id, ctx) {
+      const decision = await controller.admit(request_id, ctx);
+      if (decision.result === "rejected") {
+        return { decision };
+      }
+      const result = await queue.add(fn);
+      return { decision, result };
+    },
+    get pending() {
+      return queue.pending;
+    },
+    get size() {
+      return queue.size;
+    }
+  };
+  return controller;
+};
+
+// src/routing/log-subscriber.ts
+var createLogSubscriber = (eventBus, logger) => {
+  const log = logger.child({ component: "routing" });
+  const onCircuitStateChange = (payload) => {
+    log.info(
+      {
+        event: "circuit_state_change",
+        target_id: payload.target_id,
+        from: payload.from,
+        to: payload.to,
+        reason: payload.reason
+      },
+      "Circuit breaker transition"
+    );
+  };
+  const onCooldownSet = (payload) => {
+    log.info(
+      {
+        event: "cooldown_set",
+        target_id: payload.target_id,
+        duration_ms: payload.until_ms - Date.now(),
+        error_class: payload.error_class
+      },
+      "Cooldown set"
+    );
+  };
+  const onCooldownExpired = (payload) => {
+    log.info(
+      {
+        event: "cooldown_expired",
+        target_id: payload.target_id
+      },
+      "Cooldown expired"
+    );
+  };
+  const onAdmissionDecision = (payload) => {
+    const fields = {
+      event: "admission_decision",
+      request_id: payload.request_id,
+      result: payload.result,
+      reason: payload.reason
+    };
+    if (payload.result === "admitted" || payload.result === "queued") {
+      log.info(fields, "Admission decision");
+    } else {
+      log.warn(fields, "Admission decision");
+    }
+  };
+  const onHealthUpdated = (payload) => {
+    log.debug(
+      {
+        event: "health_updated",
+        target_id: payload.target_id,
+        old_score: payload.old_score,
+        new_score: payload.new_score
+      },
+      "Health score updated"
+    );
+  };
+  const onTargetExcluded = (payload) => {
+    log.debug(
+      {
+        event: "target_excluded",
+        target_id: payload.target_id,
+        reason: payload.reason
+      },
+      "Target excluded"
+    );
+  };
+  eventBus.on("circuit_state_change", onCircuitStateChange);
+  eventBus.on("cooldown_set", onCooldownSet);
+  eventBus.on("cooldown_expired", onCooldownExpired);
+  eventBus.on("admission_decision", onAdmissionDecision);
+  eventBus.on("health_updated", onHealthUpdated);
+  eventBus.on("target_excluded", onTargetExcluded);
+  return () => {
+    eventBus.off("circuit_state_change", onCircuitStateChange);
+    eventBus.off("cooldown_set", onCooldownSet);
+    eventBus.off("cooldown_expired", onCooldownExpired);
+    eventBus.off("admission_decision", onAdmissionDecision);
+    eventBus.off("health_updated", onHealthUpdated);
+    eventBus.off("target_excluded", onTargetExcluded);
+  };
+};
+
+// src/routing/failover.ts
+var createFailoverOrchestrator = (deps) => ({
+  async execute(request_id, attemptFn, requiredCapabilities) {
+    const log = deps.logger?.child({ component: "failover", request_id });
+    const attempts = [];
+    const failedTargets = /* @__PURE__ */ new Set();
+    let totalRetries = 0;
+    let totalFailovers = 0;
+    let lastErrorClass;
+    log?.info(
+      { event: "failover_start", retry_budget: deps.retryBudget, failover_budget: deps.failoverBudget },
+      "Failover loop started"
+    );
+    for (let failoverNo = 0; failoverNo <= deps.failoverBudget; failoverNo++) {
+      deps.cooldownManager.checkExpired(Date.now());
+      const snapshot = deps.registry.getSnapshot();
+      const selection = selectTarget(
+        snapshot,
+        deps.circuitBreakers,
+        requiredCapabilities,
+        deps.weights,
+        deps.maxLatencyMs,
+        Date.now(),
+        request_id,
+        failedTargets
+      );
+      if (!selection.selected) {
+        log?.warn(
+          { event: "no_eligible_target", failover_no: failoverNo },
+          "No eligible target available"
+        );
+        return {
+          outcome: "failure",
+          reason: "no eligible target available",
+          attempts,
+          total_retries: totalRetries,
+          total_failovers: totalFailovers,
+          last_error_class: lastErrorClass
+        };
+      }
+      const targetId = selection.selected.target_id;
+      const retryPolicy = createRetryPolicy(
+        deps.retryBudget,
+        deps.backoffParams
+      );
+      for (let retry = 0; retry <= deps.retryBudget; retry++) {
+        const attemptNo = retry + 1;
+        const acquired = deps.concurrency.acquire(targetId);
+        if (!acquired) {
+          log?.warn(
+            { event: "concurrency_full", target_id: targetId, failover_no: failoverNo },
+            "No concurrency headroom \u2014 failing over"
+          );
+          failedTargets.add(targetId);
+          break;
+        }
+        let attemptResult;
+        try {
+          attemptResult = await attemptFn(targetId);
+        } finally {
+          deps.concurrency.release(targetId);
+        }
+        if (attemptResult.success) {
+          const cb2 = deps.circuitBreakers.get(targetId);
+          if (cb2) {
+            await cb2.recordSuccess();
+          }
+          deps.registry.recordObservation(targetId, 1);
+          deps.registry.updateLatency(targetId, attemptResult.latency_ms);
+          log?.info(
+            { event: "attempt_success", target_id: targetId, attempt_no: attemptNo, failover_no: failoverNo, latency_ms: attemptResult.latency_ms },
+            "Attempt succeeded"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "success",
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          return {
+            outcome: "success",
+            target_id: targetId,
+            attempts,
+            total_retries: totalRetries,
+            total_failovers: totalFailovers,
+            value: attemptResult.value
+          };
+        }
+        const errorClass = attemptResult.error_class;
+        lastErrorClass = errorClass.class;
+        const cb = deps.circuitBreakers.get(targetId);
+        if (cb) {
+          await cb.recordFailure();
+        }
+        deps.registry.recordObservation(targetId, 0);
+        const stateTransition = getTargetStateTransition(errorClass);
+        if (stateTransition) {
+          deps.registry.updateState(targetId, stateTransition);
+        }
+        if (errorClass.class === "RateLimited") {
+          const cooldownMs = computeCooldownMs(
+            errorClass,
+            retry,
+            deps.backoffParams,
+            deps.backoffParams.max_ms
+          );
+          deps.cooldownManager.setCooldown(
+            targetId,
+            cooldownMs,
+            errorClass.class
+          );
+        }
+        if (errorClass.class === "ModelUnavailable") {
+          log?.info(
+            { event: "early_failover", target_id: targetId, error_class: errorClass.class, failover_no: failoverNo },
+            "Early failover \u2014 ModelUnavailable"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "failover",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          failedTargets.add(targetId);
+          totalFailovers++;
+          break;
+        }
+        if (!isRetryable(errorClass)) {
+          log?.warn(
+            { event: "abort", target_id: targetId, error_class: errorClass.class },
+            "Non-retryable error \u2014 aborting"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "abort",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          return {
+            outcome: "failure",
+            reason: `non-retryable: ${errorClass.class}`,
+            attempts,
+            total_retries: totalRetries,
+            total_failovers: totalFailovers,
+            last_error_class: errorClass.class
+          };
+        }
+        const decision = retryPolicy.decide(
+          {
+            error_class: errorClass,
+            detection_mode: "direct",
+            confidence: "high",
+            raw_signal: { detection_mode: "direct" }
+          },
+          retry
+        );
+        if (decision.action === "exhausted") {
+          log?.info(
+            { event: "retry_budget_exhausted", target_id: targetId, failover_no: failoverNo },
+            "Retry budget exhausted \u2014 failing over"
+          );
+          attempts.push({
+            target_id: targetId,
+            attempt_no: attemptNo,
+            failover_no: failoverNo,
+            outcome: "failover",
+            error_class: errorClass.class,
+            latency_ms: attemptResult.latency_ms,
+            selection
+          });
+          failedTargets.add(targetId);
+          totalFailovers++;
+          break;
+        }
+        attempts.push({
+          target_id: targetId,
+          attempt_no: attemptNo,
+          failover_no: failoverNo,
+          outcome: "retry",
+          error_class: errorClass.class,
+          latency_ms: attemptResult.latency_ms,
+          selection
+        });
+        totalRetries++;
+        if (decision.action === "retry") {
+          log?.info(
+            { event: "retry", target_id: targetId, attempt_no: attemptNo, error_class: errorClass.class, delay_ms: decision.delay_ms },
+            "Retrying after delay"
+          );
+          await new Promise(
+            (resolve) => setTimeout(resolve, decision.delay_ms)
+          );
+        }
+      }
+    }
+    log?.warn(
+      { event: "failover_budget_exhausted", total_retries: totalRetries, total_failovers: totalFailovers },
+      "Failover budget exhausted"
+    );
+    return {
+      outcome: "failure",
+      reason: "failover budget exhausted",
+      attempts,
+      total_retries: totalRetries,
+      total_failovers: totalFailovers,
+      last_error_class: lastErrorClass
+    };
+  }
+});
+
+// src/execution/stream-buffer.ts
+var createStreamBuffer = () => {
+  const chunks = [];
+  return {
+    /**
+     * Appends a chunk to the buffer.
+     *
+     * @param chunk - The stream chunk to append.
+     * @returns The index of the appended chunk (0-based).
+     */
+    append(chunk) {
+      chunks.push(chunk);
+      return chunks.length - 1;
+    },
+    /**
+     * Returns a readonly copy of all accumulated chunks.
+     *
+     * The returned array is a shallow copy; mutations to it
+     * do not affect the internal buffer.
+     *
+     * @returns Readonly array of confirmed chunks.
+     */
+    confirmed() {
+      return [...chunks];
+    },
+    /**
+     * Returns the total character count across all confirmed chunks.
+     *
+     * Used to compute visible_offset for segment provenance.
+     *
+     * @returns Total character count.
+     */
+    confirmedCharCount() {
+      return chunks.reduce((sum, c) => sum + c.text.length, 0);
+    },
+    /**
+     * Returns the concatenated text of all confirmed chunks.
+     *
+     * This is the confirmed output that can be preserved on
+     * interruption and used as prefix for stream stitching.
+     *
+     * @returns Concatenated confirmed text.
+     */
+    snapshot() {
+      return chunks.map((c) => c.text).join("");
+    }
+  };
+};
+
+// src/execution/stream-stitcher.ts
+var determineContinuationMode = (oldTargetId, newTargetId, sameModel) => {
+  if (oldTargetId === newTargetId) {
+    return "same_target_resume";
+  }
+  return sameModel ? "same_model_alternate_target" : "cross_model_semantic";
+};
+var createStreamStitcher = (_requestId) => {
+  const segments = [];
+  return {
+    /**
+     * Adds a segment to the stitcher.
+     *
+     * Computes visible_offset as the cumulative character count
+     * of all previously added segments.
+     *
+     * @param buffer - The stream buffer containing the segment's chunks.
+     * @param provenance - Segment provenance without visible_offset (computed here).
+     */
+    addSegment(buffer, provenance) {
+      const visibleOffset = segments.reduce(
+        (sum, entry) => sum + entry.text.length,
+        0
+      );
+      segments.push({
+        text: buffer.snapshot(),
+        provenance: { ...provenance, visible_offset: visibleOffset }
+      });
+    },
+    /**
+     * Assembles the final stitched output.
+     *
+     * @returns StitchedOutput with concatenated text, segments, and boundaries.
+     */
+    assemble() {
+      const text = segments.map((s) => s.text).join("");
+      const provenanceList = segments.map((s) => s.provenance);
+      const continuationBoundaries = provenanceList.slice(1).map((p) => p.visible_offset);
+      return {
+        text,
+        segments: provenanceList,
+        continuation_boundaries: continuationBoundaries
+      };
+    },
+    /**
+     * Returns the number of segments added so far.
+     *
+     * @returns Segment count.
+     */
+    segmentCount() {
+      return segments.length;
+    }
+  };
+};
+
+// src/execution/audit-collector.ts
+var createAuditCollector = (logger, requestId) => {
+  const requestLogger = createRequestLogger(logger, requestId);
+  const attempts = [];
+  const segments = [];
+  return {
+    recordAttempt(attempt) {
+      attempts.push(attempt);
+    },
+    recordSegment(segment) {
+      segments.push(segment);
+    },
+    flush(outcome, finalTarget, stats) {
+      requestLogger.info({
+        event_type: "request_complete",
+        outcome,
+        final_target: finalTarget,
+        total_attempts: attempts.length,
+        total_segments: segments.length,
+        total_retries: stats?.total_retries,
+        total_failovers: stats?.total_failovers,
+        latency_ms: stats?.latency_ms,
+        attempts: [...attempts],
+        segments: [...segments]
+      });
+    }
+  };
+};
+
+// src/execution/orchestrator.ts
+var createExecutionOrchestrator = (deps) => ({
+  async execute(request) {
+    const requestId = request.request_id || generateCorrelationId();
+    const auditCollector = createAuditCollector(deps.logger, requestId);
+    const stitcher = createStreamStitcher(requestId);
+    const startMs = Date.now();
+    const heuristicFlags = [];
+    let outcome = "failure";
+    let finalTarget;
+    let summaryAttempts = 0;
+    let summaryRetries = 0;
+    let summaryFailovers = 0;
+    let summaryTargets = [];
+    try {
+      const failoverResult = await deps.failover.execute(
+        requestId,
+        async (targetId) => {
+          const buffer = createStreamBuffer();
+          const adapterResult = await deps.adapter.execute(targetId, request);
+          for (const chunk of adapterResult.chunks) {
+            buffer.append(chunk);
+          }
+          heuristicFlags.push(
+            adapterResult.detection_mode === "heuristic"
+          );
+          const value = { buffer, adapterResult };
+          return {
+            success: adapterResult.success,
+            value,
+            error_class: adapterResult.error_class,
+            latency_ms: adapterResult.latency_ms
+          };
+        },
+        []
+      );
+      for (const attempt of failoverResult.attempts) {
+        auditCollector.recordAttempt(attempt);
+      }
+      summaryAttempts = failoverResult.attempts.length;
+      summaryRetries = failoverResult.total_retries;
+      summaryFailovers = failoverResult.total_failovers;
+      summaryTargets = [...new Set(failoverResult.attempts.map((a) => a.target_id))];
+      if (failoverResult.outcome === "success") {
+        outcome = "success";
+        finalTarget = failoverResult.target_id;
+        const attemptValue = failoverResult.value;
+        const continuationMode = stitcher.segmentCount() === 0 ? "same_target_resume" : "same_target_resume";
+        stitcher.addSegment(attemptValue.buffer, {
+          request_id: requestId,
+          segment_id: stitcher.segmentCount(),
+          source_target_id: failoverResult.target_id,
+          continuation_mode: continuationMode,
+          non_deterministic: false
+        });
+        const segmentProvenance = stitcher.assemble().segments;
+        for (const seg of segmentProvenance) {
+          auditCollector.recordSegment(seg);
+        }
+        const stitchedOutput = stitcher.assemble();
+        const isDegraded2 = deps.mode === "plugin-only";
+        const isHeuristic2 = heuristicFlags.some(Boolean);
+        const uniqueModes = [
+          ...new Set(stitchedOutput.segments.map((s) => s.continuation_mode))
+        ];
+        const uniqueTargets = [
+          ...new Set(stitchedOutput.segments.map((s) => s.source_target_id))
+        ];
+        const provenance2 = {
+          request_id: requestId,
+          segments: stitchedOutput.segments,
+          continuation_modes: uniqueModes,
+          targets_involved: uniqueTargets,
+          total_attempts: failoverResult.attempts.length,
+          degraded: isDegraded2,
+          degraded_reason: isDegraded2 ? "plugin-only mode: limited failover capability" : void 0,
+          heuristic_detection: isHeuristic2
+        };
+        return {
+          success: true,
+          output: stitchedOutput.text,
+          provenance: provenance2
+        };
+      }
+      const isDegraded = deps.mode === "plugin-only";
+      const isHeuristic = heuristicFlags.some(Boolean);
+      const provenance = {
+        request_id: requestId,
+        segments: [],
+        continuation_modes: [],
+        targets_involved: [],
+        total_attempts: failoverResult.attempts.length,
+        degraded: isDegraded,
+        degraded_reason: isDegraded ? "plugin-only mode: limited failover capability" : void 0,
+        heuristic_detection: isHeuristic
+      };
+      return {
+        success: false,
+        output: "",
+        provenance
+      };
+    } finally {
+      auditCollector.flush(outcome, finalTarget);
+      const requestLogger = createRequestLogger(deps.logger, requestId);
+      const endMs = Date.now();
+      requestLogger.info({
+        event: "request_summary",
+        component: "execution",
+        outcome,
+        total_attempts: summaryAttempts,
+        total_failovers: summaryFailovers,
+        total_retries: summaryRetries,
+        latency_ms: endMs - startMs,
+        targets_used: summaryTargets,
+        final_target: finalTarget ?? null
+      }, "Request complete");
+    }
+  }
+});
+
+// src/execution/adapters/plugin-adapter.ts
+var createPluginAdapter = (_deps) => ({
+  /**
+   * Executes a request in plugin-only mode.
+   *
+   * Phase 3 stub: returns a not-yet-implemented result.
+   * Phase 4 will wire this to OpenCode plugin lifecycle hooks.
+   *
+   * @param _targetId - The target to execute against.
+   * @param _request - The adapter request payload.
+   * @returns AdapterResult with heuristic detection mode.
+   */
+  async execute(_targetId, _request) {
+    const start = Date.now();
+    return {
+      success: false,
+      chunks: [],
+      error_class: void 0,
+      latency_ms: Date.now() - start,
+      detection_mode: "heuristic"
+    };
+  }
+});
+
+// src/execution/adapters/server-adapter.ts
+var createServerAdapter = (_deps) => ({
+  /**
+   * Executes a request in server-companion mode.
+   *
+   * Phase 3 stub: returns a not-yet-implemented result.
+   * Phase 4 will wire this to the OpenCode SDK client, extracting
+   * statusCode, responseHeaders['retry-after'], and responseBody
+   * from SDK ApiError for direct error classification.
+   *
+   * @param _targetId - The target to execute against.
+   * @param _request - The adapter request payload.
+   * @returns AdapterResult with direct detection mode.
+   */
+  async execute(_targetId, _request) {
+    const start = Date.now();
+    return {
+      success: false,
+      chunks: [],
+      error_class: void 0,
+      latency_ms: Date.now() - start,
+      detection_mode: "direct"
+    };
+  }
+});
+
+// src/execution/adapters/sdk-adapter.ts
+var createSdkAdapter = (_deps) => ({
+  /**
+   * Executes a request in SDK-control mode.
+   *
+   * Phase 3 stub: returns a not-yet-implemented result.
+   * Phase 4 will wire this to the OpenCode SDK client with full
+   * session management and provider control capabilities.
+   *
+   * @param _targetId - The target to execute against.
+   * @param _request - The adapter request payload.
+   * @returns AdapterResult with direct detection mode.
+   */
+  async execute(_targetId, _request) {
+    const start = Date.now();
+    return {
+      success: false,
+      chunks: [],
+      error_class: void 0,
+      latency_ms: Date.now() - start,
+      detection_mode: "direct"
+    };
+  }
+});
+
+// src/execution/adapters/adapter-factory.ts
+var createModeAdapter = (mode, deps) => {
+  switch (mode) {
+    case "plugin-only":
+      return createPluginAdapter(deps);
+    case "server-companion":
+      return createServerAdapter(deps);
+    case "sdk-control":
+      return createSdkAdapter(deps);
+    default: {
+      const _exhaustive = mode;
+      throw new Error(`Unknown deployment mode: ${String(_exhaustive)}`);
+    }
+  }
+};
+
+// src/operator/reload.ts
+var computeConfigDiff = (oldConfig, newConfig) => {
+  const oldTargets = oldConfig.targets ?? [];
+  const newTargets = newConfig.targets ?? [];
+  const oldIds = new Set(oldTargets.map((t) => t.target_id));
+  const newIds = new Set(newTargets.map((t) => t.target_id));
+  const oldMap = new Map(oldTargets.map((t) => [t.target_id, t]));
+  const added = newTargets.filter((t) => !oldIds.has(t.target_id));
+  const removed = oldTargets.filter((t) => !newIds.has(t.target_id)).map((t) => t.target_id);
+  const modified = newTargets.filter((t) => {
+    if (!oldIds.has(t.target_id)) {
+      return false;
+    }
+    const old = oldMap.get(t.target_id);
+    if (!old) {
+      return false;
+    }
+    return hasConfigChanged(old, t);
+  });
+  return { added, removed, modified };
+};
+var hasConfigChanged = (oldTarget, newTarget) => {
+  if (oldTarget.profile !== newTarget.profile) return true;
+  if (oldTarget.enabled !== newTarget.enabled) return true;
+  if (oldTarget.operator_priority !== newTarget.operator_priority) return true;
+  if (JSON.stringify(oldTarget.policy_tags) !== JSON.stringify(newTarget.policy_tags)) return true;
+  if (JSON.stringify(oldTarget.capabilities) !== JSON.stringify(newTarget.capabilities)) return true;
+  if (oldTarget.retry_budget !== newTarget.retry_budget) return true;
+  if (oldTarget.failover_budget !== newTarget.failover_budget) return true;
+  if (oldTarget.concurrency_limit !== newTarget.concurrency_limit) return true;
+  return false;
+};
+var applyConfigDiff = (registry, diff) => {
+  for (const tc of diff.added) {
+    const entry = {
+      target_id: tc.target_id,
+      provider_id: tc.provider_id,
+      profile: tc.profile,
+      endpoint_id: tc.endpoint_id,
+      capabilities: [...tc.capabilities],
+      enabled: tc.enabled,
+      state: "Active",
+      health_score: INITIAL_HEALTH_SCORE,
+      cooldown_until: null,
+      latency_ema_ms: 0,
+      failure_score: 0,
+      operator_priority: tc.operator_priority,
+      policy_tags: [...tc.policy_tags]
+    };
+    registry.addTarget(entry);
+  }
+  for (const id of diff.removed) {
+    registry.updateState(id, "Disabled");
+  }
+  for (const tc of diff.modified) {
+    const existing = registry.getTarget(tc.target_id);
+    if (existing) {
+      const updated = {
+        ...existing,
+        provider_id: tc.provider_id,
+        profile: tc.profile,
+        endpoint_id: tc.endpoint_id,
+        capabilities: [...tc.capabilities],
+        enabled: tc.enabled,
+        operator_priority: tc.operator_priority,
+        policy_tags: [...tc.policy_tags]
+      };
+      registry.removeTarget(tc.target_id);
+      registry.addTarget(updated);
+    }
+  }
+};
+
+// src/operator/commands.ts
+var createRequestTraceBuffer = (capacity) => {
+  const entries = /* @__PURE__ */ new Map();
+  const order = [];
+  return {
+    record(entry) {
+      if (entries.has(entry.request_id)) {
+        const idx = order.indexOf(entry.request_id);
+        if (idx !== -1) {
+          order.splice(idx, 1);
+        }
+      }
+      while (order.length >= capacity) {
+        const oldest = order.shift();
+        if (oldest !== void 0) {
+          entries.delete(oldest);
+        }
+      }
+      entries.set(entry.request_id, entry);
+      order.push(entry.request_id);
+    },
+    lookup(requestId) {
+      return entries.get(requestId);
+    },
+    size() {
+      return entries.size;
+    }
+  };
+};
+var listTargets = (deps) => {
+  const allTargets = deps.registry.getAllTargets();
+  const targets = allTargets.map((t) => {
+    const cb = deps.circuitBreakers.get(t.target_id);
+    const cbState = cb ? cb.state() : "Active";
+    return {
+      target_id: t.target_id,
+      provider_id: t.provider_id,
+      profile: t.profile,
+      state: t.state,
+      health_score: t.health_score,
+      circuit_breaker_state: cbState,
+      cooldown_until: t.cooldown_until,
+      enabled: t.enabled,
+      latency_ema_ms: t.latency_ema_ms,
+      failure_score: t.failure_score,
+      operator_priority: t.operator_priority
+    };
+  });
+  return { targets, count: targets.length };
+};
+var targetAction = (deps, targetId, action, newState) => {
+  const updated = deps.registry.updateState(targetId, newState);
+  if (!updated) {
+    return { success: false, target_id: targetId, action, error: "target not found" };
+  }
+  return { success: true, target_id: targetId, action };
+};
+var pauseTarget = (deps, targetId) => targetAction(deps, targetId, "pause", "Disabled");
+var resumeTarget = (deps, targetId) => targetAction(deps, targetId, "resume", "Active");
+var drainTarget = (deps, targetId) => targetAction(deps, targetId, "drain", "Draining");
+var disableTarget = (deps, targetId) => targetAction(deps, targetId, "disable", "Disabled");
+var inspectRequest = (deps, requestId) => {
+  const trace = deps.traceBuffer.lookup(requestId);
+  if (!trace) {
+    return { found: false, request_id: requestId };
+  }
+  return { found: true, request_id: requestId, trace };
+};
+var reloadConfig = (deps, rawConfig) => {
+  try {
+    const newConfig = validateConfig(rawConfig);
+    const currentConfig = deps.configRef.current();
+    const diff = computeConfigDiff(currentConfig, newConfig);
+    applyConfigDiff(deps.registry, diff);
+    deps.configRef.swap(newConfig);
+    return {
+      success: true,
+      added: diff.added.map((t) => t.target_id),
+      removed: [...diff.removed],
+      modified: diff.modified.map((t) => t.target_id)
+    };
+  } catch (err) {
+    if (err instanceof ConfigValidationError) {
+      return {
+        success: false,
+        added: [],
+        removed: [],
+        modified: [],
+        diagnostics: err.diagnostics
+      };
+    }
+    throw err;
+  }
+};
+
+// src/operator/server-auth.ts
+var import_node_crypto2 = require("crypto");
+var validateBearerToken = (authHeader, expectedToken) => {
+  if (authHeader === void 0) {
+    return { authorized: false, reason: "missing Authorization header" };
+  }
+  if (!authHeader.startsWith("Bearer ")) {
+    return { authorized: false, reason: "invalid Authorization scheme" };
+  }
+  const token = authHeader.slice(7);
+  if (token.length !== expectedToken.length) {
+    return { authorized: false, reason: "invalid token" };
+  }
+  const tokenBuffer = Buffer.from(token);
+  const expectedBuffer = Buffer.from(expectedToken);
+  if (!(0, import_node_crypto2.timingSafeEqual)(tokenBuffer, expectedBuffer)) {
+    return { authorized: false, reason: "invalid token" };
+  }
+  return { authorized: true };
+};
+
+// src/operator/plugin-tools.ts
+var import_tool = require("@opencode-ai/plugin/tool");
+var { schema: z3 } = import_tool.tool;
+var createOperatorTools = (deps) => ({
+  listTargets: (0, import_tool.tool)({
+    description: "List all routing targets with health scores, states, and circuit breaker status.",
+    args: {},
+    async execute() {
+      deps.logger.info({ op: "listTargets" }, "operator: listTargets");
+      const result = listTargets(deps);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  pauseTarget: (0, import_tool.tool)({
+    description: "Pause a target, preventing new requests from being routed to it.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "pauseTarget", target_id: args.target_id },
+        "operator: pauseTarget"
+      );
+      const result = pauseTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  resumeTarget: (0, import_tool.tool)({
+    description: "Resume a previously paused or disabled target, allowing new requests.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "resumeTarget", target_id: args.target_id },
+        "operator: resumeTarget"
+      );
+      const result = resumeTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  drainTarget: (0, import_tool.tool)({
+    description: "Drain a target, allowing in-flight requests to complete but preventing new ones.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "drainTarget", target_id: args.target_id },
+        "operator: drainTarget"
+      );
+      const result = drainTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  disableTarget: (0, import_tool.tool)({
+    description: "Disable a target entirely, removing it from routing.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "disableTarget", target_id: args.target_id },
+        "operator: disableTarget"
+      );
+      const result = disableTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  inspectRequest: (0, import_tool.tool)({
+    description: "Inspect a request trace by ID, showing attempts, segments, and outcome.",
+    args: { request_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "inspectRequest", request_id: args.request_id },
+        "operator: inspectRequest"
+      );
+      const result = inspectRequest(deps, args.request_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  reloadConfig: (0, import_tool.tool)({
+    description: "Reload routing configuration with diff-apply. Validates new config before applying.",
+    args: { config: z3.record(z3.string(), z3.unknown()) },
+    async execute(args) {
+      deps.logger.info({ op: "reloadConfig" }, "operator: reloadConfig");
+      const result = reloadConfig(deps, args.config);
+      return JSON.stringify(result, null, 2);
+    }
+  })
+});
+
+// src/profiles/store.ts
+var import_promises = require("fs/promises");
+var import_node_os = require("os");
+var import_node_path = require("path");
+var PROFILES_DIR = (0, import_node_path.join)((0, import_node_os.homedir)(), ".local", "share", "o-switcher");
+var PROFILES_PATH = (0, import_node_path.join)(PROFILES_DIR, "profiles.json");
+var loadProfiles = async (path = PROFILES_PATH) => {
+  try {
+    const content = await (0, import_promises.readFile)(path, "utf-8");
+    return JSON.parse(content);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      return {};
+    }
+    throw err;
+  }
+};
+var saveProfiles = async (store, path = PROFILES_PATH, logger) => {
+  const dir = (0, import_node_path.dirname)(path);
+  await (0, import_promises.mkdir)(dir, { recursive: true });
+  const tmpPath = `${path}.tmp`;
+  await (0, import_promises.writeFile)(tmpPath, JSON.stringify(store, null, 2), "utf-8");
+  await (0, import_promises.rename)(tmpPath, path);
+  logger?.info({ path }, "Profiles saved to disk");
+};
+var credentialsMatch = (a, b) => {
+  if (a.type !== b.type) return false;
+  if (a.type === "api-key" && b.type === "api-key") {
+    return a.key === b.key;
+  }
+  if (a.type === "oauth" && b.type === "oauth") {
+    return a.refresh === b.refresh && a.access === b.access && a.expires === b.expires && a.accountId === b.accountId;
+  }
+  return false;
+};
+var addProfile = (store, provider, credentials) => {
+  const isDuplicate = Object.values(store).some(
+    (entry2) => entry2.provider === provider && credentialsMatch(entry2.credentials, credentials)
+  );
+  if (isDuplicate) {
+    return store;
+  }
+  const id = nextProfileId(store, provider);
+  const entry = {
+    id,
+    provider,
+    type: credentials.type,
+    credentials,
+    created: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  return { ...store, [id]: entry };
+};
+var removeProfile = (store, id) => {
+  if (store[id] === void 0) {
+    return { store, removed: false };
+  }
+  const { [id]: _removed, ...rest } = store;
+  return { store: rest, removed: true };
+};
+var listProfiles = (store) => {
+  return Object.values(store).sort(
+    (a, b) => new Date(a.created).getTime() - new Date(b.created).getTime()
+  );
+};
+var nextProfileId = (store, provider) => {
+  const prefix = `${provider}-`;
+  const maxN = Object.keys(store).filter((key) => key.startsWith(prefix)).map((key) => Number(key.slice(prefix.length))).filter((n) => !Number.isNaN(n)).reduce((max, n) => Math.max(max, n), 0);
+  return `${provider}-${maxN + 1}`;
+};
+
+// src/profiles/watcher.ts
+var import_promises2 = require("fs/promises");
+var import_node_os2 = require("os");
+var import_node_path2 = require("path");
+var AUTH_JSON_PATH = (0, import_node_path2.join)(
+  (0, import_node_os2.homedir)(),
+  ".local",
+  "share",
+  "opencode",
+  "auth.json"
+);
+var DEBOUNCE_MS = 100;
+var readAuthJson = async (path) => {
+  try {
+    const content = await (0, import_promises2.readFile)(path, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return {};
+  }
+};
+var toCredential = (entry) => {
+  if (entry.type === "oauth" || entry.refresh !== void 0 && entry.access !== void 0) {
+    return {
+      type: "oauth",
+      refresh: String(entry.refresh ?? ""),
+      access: String(entry.access ?? ""),
+      expires: Number(entry.expires ?? 0),
+      accountId: entry.accountId !== void 0 ? String(entry.accountId) : void 0
+    };
+  }
+  return {
+    type: "api-key",
+    key: String(entry.key ?? "")
+  };
+};
+var entriesEqual = (a, b) => {
+  if (a === void 0 && b === void 0) return true;
+  if (a === void 0 || b === void 0) return false;
+  return JSON.stringify(a) === JSON.stringify(b);
+};
+var createAuthWatcher = (options) => {
+  const authPath = options?.authJsonPath ?? AUTH_JSON_PATH;
+  const profPath = options?.profilesPath ?? PROFILES_PATH;
+  const log = options?.logger?.child({ component: "profile-watcher" });
+  let lastKnownAuth = {};
+  let abortController = null;
+  let debounceTimer = null;
+  let watchPromise = null;
+  const processChange = async () => {
+    const newAuth = await readAuthJson(authPath);
+    let store = await loadProfiles(profPath);
+    let changed = false;
+    for (const [provider, entry] of Object.entries(newAuth)) {
+      if (!entry) continue;
+      const previousEntry = lastKnownAuth[provider];
+      if (previousEntry !== void 0 && !entriesEqual(previousEntry, entry)) {
+        log?.info({ provider, action: "credential_changed" }, "Credential change detected \u2014 saving previous credential");
+        const prevCredential = toCredential(previousEntry);
+        const newStore = addProfile(store, provider, prevCredential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      } else if (previousEntry === void 0) {
+        log?.info({ provider, action: "new_provider" }, "New provider detected");
+        const credential = toCredential(entry);
+        const newStore = addProfile(store, provider, credential);
+        if (newStore !== store) {
+          store = newStore;
+          changed = true;
+        }
+      }
+    }
+    if (changed) {
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_saved: true }, "Profiles saved to disk");
+    }
+    lastKnownAuth = newAuth;
+  };
+  const onFileChange = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+    }
+    debounceTimer = setTimeout(() => {
+      debounceTimer = null;
+      processChange().catch((err) => {
+        log?.warn({ err }, "Error processing auth change");
+      });
+    }, DEBOUNCE_MS);
+  };
+  const start = async () => {
+    const currentAuth = await readAuthJson(authPath);
+    const currentStore = await loadProfiles(profPath);
+    log?.info({ providers: Object.keys(currentAuth) }, "Auth watcher started");
+    if (Object.keys(currentStore).length === 0 && Object.keys(currentAuth).length > 0) {
+      let store = {};
+      for (const [provider, entry] of Object.entries(currentAuth)) {
+        if (!entry) continue;
+        const credential = toCredential(entry);
+        store = addProfile(store, provider, credential);
+      }
+      await saveProfiles(store, profPath);
+      log?.info({ profiles_initialized: Object.keys(store).length }, "Initialized profiles from auth.json");
+    }
+    lastKnownAuth = currentAuth;
+    abortController = new AbortController();
+    const parentDir = (0, import_node_path2.dirname)(authPath);
+    watchPromise = (async () => {
+      try {
+        const watcher = (0, import_promises2.watch)(parentDir, {
+          signal: abortController.signal
+        });
+        for await (const event of watcher) {
+          if (event.filename === "auth.json" || event.filename === null) {
+            onFileChange();
+          }
+        }
+      } catch (err) {
+        const name = err.name;
+        if (name !== "AbortError") {
+        }
+      }
+    })();
+  };
+  const stop = () => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+    if (abortController !== null) {
+      abortController.abort();
+      abortController = null;
+    }
+    watchPromise = null;
+    log?.info("Auth watcher stopped");
+  };
+  return { start, stop };
+};
+
+// src/profiles/tools.ts
+var import_tool2 = require("@opencode-ai/plugin/tool");
+var { schema: z4 } = import_tool2.tool;
+var createProfileTools = (options) => ({
+  profilesList: (0, import_tool2.tool)({
+    description: "List all saved auth profiles with provider, type, and creation date.",
+    args: {},
+    async execute() {
+      const store = await loadProfiles(options?.profilesPath);
+      const profiles = listProfiles(store);
+      const result = profiles.map((entry) => ({
+        id: entry.id,
+        provider: entry.provider,
+        type: entry.type,
+        created: entry.created
+      }));
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  profilesRemove: (0, import_tool2.tool)({
+    description: "Remove a saved auth profile by ID.",
+    args: { id: z4.string().min(1) },
+    async execute(args) {
+      const store = await loadProfiles(options?.profilesPath);
+      const { store: newStore, removed } = removeProfile(store, args.id);
+      if (removed) {
+        await saveProfiles(newStore, options?.profilesPath);
+        return JSON.stringify({ success: true, id: args.id });
+      }
+      return JSON.stringify({
+        success: false,
+        id: args.id,
+        error: "Profile not found"
+      });
+    }
+  })
+});
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ADMISSION_RESULTS,
+  BackoffConfigSchema,
+  ConfigValidationError,
+  DEFAULT_ALPHA,
+  DEFAULT_BACKOFF_BASE_MS,
+  DEFAULT_BACKOFF_JITTER,
+  DEFAULT_BACKOFF_MAX_MS,
+  DEFAULT_BACKOFF_MULTIPLIER,
+  DEFAULT_BACKOFF_PARAMS,
+  DEFAULT_FAILOVER_BUDGET,
+  DEFAULT_RETRY,
+  DEFAULT_RETRY_BUDGET,
+  DEFAULT_TIMEOUT_MS,
+  DualBreaker,
+  EXCLUSION_REASONS,
+  ErrorClassSchema,
+  HEURISTIC_PATTERNS,
+  INITIAL_HEALTH_SCORE,
+  PROVIDER_PATTERNS,
+  REDACT_PATHS,
+  SwitcherConfigSchema,
+  TARGET_STATES,
+  TEMPORAL_QUOTA_PATTERN,
+  TargetConfigSchema,
+  TargetRegistry,
+  addProfile,
+  applyConfigDiff,
+  checkHardRejects,
+  classify,
+  computeBackoffMs,
+  computeConfigDiff,
+  computeCooldownMs,
+  computeScore,
+  createAdmissionController,
+  createAuditCollector,
+  createAuditLogger,
+  createAuthWatcher,
+  createCircuitBreaker,
+  createConcurrencyTracker,
+  createCooldownManager,
+  createExecutionOrchestrator,
+  createFailoverOrchestrator,
+  createLogSubscriber,
+  createModeAdapter,
+  createOperatorTools,
+  createProfileTools,
+  createRegistry,
+  createRequestLogger,
+  createRequestTraceBuffer,
+  createRetryPolicy,
+  createRoutingEventBus,
+  createStreamBuffer,
+  createStreamStitcher,
+  detectDeploymentMode,
+  determineContinuationMode,
+  directSignalFromResponse,
+  disableTarget,
+  discoverTargets,
+  discoverTargetsFromProfiles,
+  drainTarget,
+  extractRetryAfterMs,
+  generateCorrelationId,
+  getExclusionReason,
+  getModeCapabilities,
+  getSignalFidelity,
+  getTargetStateTransition,
+  heuristicSignalFromEvent,
+  inspectRequest,
+  isRetryable,
+  listProfiles,
+  listTargets,
+  loadProfiles,
+  nextProfileId,
+  normalizeLatency,
+  pauseTarget,
+  reloadConfig,
+  removeProfile,
+  resumeTarget,
+  saveProfiles,
+  selectTarget,
+  updateHealthScore,
+  updateLatencyEma,
+  validateBearerToken,
+  validateConfig
+});
+//# sourceMappingURL=index.cjs.map