opencandle 0.6.0 → 0.7.0

package/src/onboarding/provider-status.ts

@@ -0,0 +1,410 @@
+import { spawn } from "node:child_process";
+import type { ProviderId } from "./providers.js";
+import {
+  getCredentialSource,
+  getProvider,
+  isApiKeyProvider,
+  isExternalToolProvider,
+  isPublicHttpProvider,
+} from "./providers.js";
+import { loadOnboardingState } from "./state.js";
+
+const STATUS_TTL_MS = 60_000;
+const COMMAND_TIMEOUT_MS = 5_000;
+const PUBLIC_HTTP_TIMEOUT_MS = 3_000;
+const MAX_OUTPUT_CHARS = 32_000;
+
+export interface CommandResult {
+  readonly code: number | null;
+  readonly stdout: string;
+  readonly stderr: string;
+}
+
+export type CommandRunner = (
+  command: string,
+  args: readonly string[],
+  options?: { timeoutMs: number },
+) => Promise<CommandResult>;
+
+interface ProviderStatusBase {
+  readonly providerId: ProviderId;
+  readonly kind: "api-key" | "external-tool" | "public-http";
+  readonly state: string;
+  readonly checkedAt: string;
+  readonly cacheHit: boolean;
+  readonly message?: string;
+}
+
+export interface ApiKeyProviderStatus extends ProviderStatusBase {
+  readonly kind: "api-key";
+  readonly state: "configured" | "missing";
+  readonly credentialSource: "env" | "file" | "absent";
+}
+
+export interface ExternalToolProviderStatus extends ProviderStatusBase {
+  readonly kind: "external-tool";
+  readonly mode: "install" | "session";
+  readonly state:
+    | "installed"
+    | "missing"
+    | "session_ok"
+    | "session_missing"
+    | "session_stale"
+    | "skipped"
+    | "error";
+  readonly installCmd?: string;
+}
+
+export interface PublicHttpProviderStatus extends ProviderStatusBase {
+  readonly kind: "public-http";
+  readonly state: "reachable" | "unreachable" | "error";
+  readonly statusCode?: number;
+}
+
+export type ProviderStatus =
+  | ApiKeyProviderStatus
+  | ExternalToolProviderStatus
+  | PublicHttpProviderStatus;
+
+export interface ProbeProviderStatusOptions {
+  readonly mode?: "install" | "session";
+  readonly force?: boolean;
+  readonly commandRunner?: CommandRunner;
+  readonly fetchImpl?: typeof fetch;
+  readonly now?: Date;
+}
+
+interface CachedStatus {
+  readonly expiresAt: number;
+  readonly status: ProviderStatus;
+}
+
+const statusCache = new Map<string, CachedStatus>();
+
+export function clearProviderStatusCache(): void {
+  statusCache.clear();
+}
+
+export async function probeProviderStatus(
+  providerId: ProviderId,
+  options: ProbeProviderStatusOptions = {},
+): Promise<ProviderStatus> {
+  const provider = getProvider(providerId);
+  const mode = isExternalToolProvider(provider) ? (options.mode ?? "install") : "default";
+  const cacheKey = `${providerId}:${mode}`;
+  const now = options.now ?? new Date();
+  const skippedByPreference =
+    isExternalToolProvider(provider) &&
+    loadOnboardingState().providers[providerId]?.status === "never_ask";
+
+  if (skippedByPreference && !options.force) {
+    return {
+      providerId,
+      kind: "external-tool",
+      mode: mode as "install" | "session",
+      state: "skipped",
+      installCmd: provider.installCmd,
+      message: `Skipped by user preference; run opencandle doctor --enable ${providerId} to re-enable.`,
+      checkedAt: now.toISOString(),
+      cacheHit: false,
+    };
+  }
+
+  if (!options.force) {
+    const cached = statusCache.get(cacheKey);
+    if (cached && cached.expiresAt > now.getTime()) {
+      return { ...cached.status, cacheHit: true };
+    }
+  }
+
+  let status: ProviderStatus;
+  if (isApiKeyProvider(provider)) {
+    const source = getCredentialSource(provider.id);
+    status = {
+      providerId,
+      kind: "api-key",
+      state: source === "absent" ? "missing" : "configured",
+      credentialSource: source,
+      checkedAt: now.toISOString(),
+      cacheHit: false,
+    };
+  } else if (isExternalToolProvider(provider)) {
+    status = await probeExternalTool(providerId, mode as "install" | "session", {
+      now,
+      commandRunner: options.commandRunner ?? runCommand,
+    });
+  } else if (isPublicHttpProvider(provider)) {
+    status = await probePublicHttp(providerId, {
+      now,
+      fetchImpl: options.fetchImpl ?? fetch,
+    });
+  } else {
+    const exhaustive: never = provider;
+    throw new Error(`Unsupported provider kind: ${JSON.stringify(exhaustive)}`);
+  }
+
+  statusCache.set(cacheKey, { status, expiresAt: now.getTime() + STATUS_TTL_MS });
+  return status;
+}
+
+export async function probeAllProviderStatuses(
+  options: Omit<ProbeProviderStatusOptions, "mode"> = {},
+): Promise<ProviderStatus[]> {
+  const { listAllProviders } = await import("./providers.js");
+  const statuses: ProviderStatus[] = [];
+  for (const provider of listAllProviders()) {
+    statuses.push(await probeProviderStatus(provider.id, options));
+  }
+  return statuses;
+}
+
+export function formatProviderStatus(status: ProviderStatus): string {
+  const provider = getProvider(status.providerId);
+  if (status.kind === "api-key") {
+    return `${provider.displayName}: ${status.state} (${status.credentialSource})`;
+  }
+  if (status.kind === "external-tool") {
+    const suffix = status.message ? ` - ${status.message}` : "";
+    return `${provider.displayName}: ${status.state} (${status.mode})${suffix}`;
+  }
+  const http = status.statusCode === undefined ? "" : ` HTTP ${status.statusCode}`;
+  const suffix = status.message ? ` - ${status.message}` : "";
+  return `${provider.displayName}: ${status.state}${http}${suffix}`;
+}
+
+async function probeExternalTool(
+  providerId: ProviderId,
+  mode: "install" | "session",
+  options: { now: Date; commandRunner: CommandRunner },
+): Promise<ExternalToolProviderStatus> {
+  const provider = getProvider(providerId);
+  if (!isExternalToolProvider(provider)) {
+    throw new Error(`Provider ${providerId} is not an external tool`);
+  }
+
+  const args =
+    mode === "install"
+      ? ["--version"]
+      : (provider.sessionProbeArgs ?? ["feed", "--max", "1", "--json"]);
+  try {
+    const result = await options.commandRunner(provider.binary, args, {
+      timeoutMs: COMMAND_TIMEOUT_MS,
+    });
+    const output = redactSensitiveOutput(`${result.stderr}\n${result.stdout}`.trim());
+
+    if (mode === "install") {
+      return {
+        providerId,
+        kind: "external-tool",
+        mode,
+        state: result.code === 0 ? "installed" : "error",
+        installCmd: provider.installCmd,
+        message: result.code === 0 ? undefined : output,
+        checkedAt: options.now.toISOString(),
+        cacheHit: false,
+      };
+    }
+
+    if (result.code === 0) {
+      const parsed = parseCliEnvelope(result.stdout, provider.binary);
+      const session = classifySessionEnvelope(providerId, parsed);
+      return {
+        providerId,
+        kind: "external-tool",
+        mode,
+        state: session.state,
+        installCmd: provider.installCmd,
+        message: session.message,
+        checkedAt: options.now.toISOString(),
+        cacheHit: false,
+      };
+    }
+
+    return {
+      providerId,
+      kind: "external-tool",
+      mode,
+      state: classifySessionFailure(output),
+      installCmd: provider.installCmd,
+      message: output,
+      checkedAt: options.now.toISOString(),
+      cacheHit: false,
+    };
+  } catch (err) {
+    const nodeError = err as NodeJS.ErrnoException;
+    if (nodeError.code === "ENOENT") {
+      return {
+        providerId,
+        kind: "external-tool",
+        mode,
+        state: "missing",
+        installCmd: provider.installCmd,
+        checkedAt: options.now.toISOString(),
+        cacheHit: false,
+      };
+    }
+    return {
+      providerId,
+      kind: "external-tool",
+      mode,
+      state: "error",
+      installCmd: provider.installCmd,
+      message: redactSensitiveOutput(err instanceof Error ? err.message : String(err)),
+      checkedAt: options.now.toISOString(),
+      cacheHit: false,
+    };
+  }
+}
+
+async function probePublicHttp(
+  providerId: ProviderId,
+  options: { now: Date; fetchImpl: typeof fetch },
+): Promise<PublicHttpProviderStatus> {
+  const provider = getProvider(providerId);
+  if (!isPublicHttpProvider(provider)) {
+    throw new Error(`Provider ${providerId} is not a public HTTP provider`);
+  }
+
+  try {
+    const response = await options.fetchImpl(provider.probeUrl, {
+      method: "GET",
+      signal: AbortSignal.timeout(PUBLIC_HTTP_TIMEOUT_MS),
+    });
+    return {
+      providerId,
+      kind: "public-http",
+      state: response.ok ? "reachable" : "unreachable",
+      statusCode: response.status,
+      checkedAt: options.now.toISOString(),
+      cacheHit: false,
+    };
+  } catch (err) {
+    return {
+      providerId,
+      kind: "public-http",
+      state: "error",
+      message: err instanceof Error ? err.message : String(err),
+      checkedAt: options.now.toISOString(),
+      cacheHit: false,
+    };
+  }
+}
+
+function parseCliEnvelope(
+  stdout: string,
+  binary: string,
+): { ok: boolean; message?: string; data?: unknown } {
+  try {
+    const parsed = JSON.parse(stdout) as {
+      ok?: unknown;
+      data?: unknown;
+      error?: { message?: unknown };
+    };
+    return {
+      ok: parsed.ok === true,
+      data: parsed.data,
+      message:
+        typeof parsed.error?.message === "string"
+          ? redactSensitiveOutput(parsed.error.message)
+          : undefined,
+    };
+  } catch {
+    return { ok: false, message: `${binary} returned non-JSON output` };
+  }
+}
+
+function classifySessionEnvelope(
+  providerId: ProviderId,
+  parsed: { ok: boolean; message?: string; data?: unknown },
+): { state: ExternalToolProviderStatus["state"]; message?: string } {
+  if (!parsed.ok) {
+    return {
+      state: classifySessionFailure(parsed.message),
+      message: parsed.message,
+    };
+  }
+
+  if (providerId === "reddit" && isRecord(parsed.data) && parsed.data.authenticated === false) {
+    return {
+      state: "session_missing",
+      message: "Reddit is not authenticated. Run rdt login.",
+    };
+  }
+
+  return { state: "session_ok" };
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null;
+}
+
+function classifySessionFailure(message: string | undefined): ExternalToolProviderStatus["state"] {
+  const lower = (message ?? "").toLowerCase();
+  if (
+    lower.includes("no twitter cookies") ||
+    lower.includes("no reddit cookies") ||
+    lower.includes("not authenticated") ||
+    lower.includes("no cookies")
+  ) {
+    return "session_missing";
+  }
+  if (lower.includes("401") || lower.includes("unauthorized") || lower.includes("expired")) {
+    return "session_stale";
+  }
+  return "error";
+}
+
+export function redactSensitiveOutput(input: string): string {
+  const xCookieNames =
+    "auth_token|ct0|twid|kdt|guest_id|guest_id_ads|guest_id_marketing|personalization_id";
+  const genericSecretName =
+    "[a-z0-9_]*(?:session|token)[a-z0-9_]*|[a-z0-9_]+cookie[a-z0-9_]*|[a-z0-9_]*cookie[a-z0-9_]+";
+  return input
+    .slice(0, MAX_OUTPUT_CHARS)
+    .replace(/\b(cookie|set-cookie)\s*:\s*[^\r\n]+/gi, "$1: [redacted]")
+    .replace(new RegExp(`\\b(${xCookieNames})\\b\\s*[:=]\\s*[^;\\s,)]+`, "gi"), "$1=[redacted]")
+    .replace(new RegExp(`\\b(${xCookieNames})=([^;\\s,)]+)`, "gi"), "$1=[redacted]")
+    .replace(
+      new RegExp(`\\b(${genericSecretName})\\b\\s*[:=]\\s*[^;\\s,)]+`, "gi"),
+      "$1=[redacted]",
+    )
+    .replace(new RegExp(`\\b(${genericSecretName})=([^;\\s,)]+)`, "gi"), "$1=[redacted]")
+    .replace(
+      /(?:~|\/Users\/[^/\s]+|\/home\/[^/\s]+)?\/\.config\/rdt-cli\/credential\.json/g,
+      "[redacted-credential-path]",
+    );
+}
+
+export const runCommand: CommandRunner = (command, args, options) =>
+  new Promise((resolve, reject) => {
+    const child = spawn(command, [...args], { stdio: ["ignore", "pipe", "pipe"] });
+    let stdout = "";
+    let stderr = "";
+    let settled = false;
+
+    const timeout = setTimeout(() => {
+      if (settled) return;
+      settled = true;
+      child.kill("SIGTERM");
+      reject(new Error(`${command} timed out after ${options?.timeoutMs ?? COMMAND_TIMEOUT_MS}ms`));
+    }, options?.timeoutMs ?? COMMAND_TIMEOUT_MS);
+
+    child.stdout.on("data", (chunk: Buffer) => {
+      stdout = (stdout + chunk.toString("utf8")).slice(0, MAX_OUTPUT_CHARS);
+    });
+    child.stderr.on("data", (chunk: Buffer) => {
+      stderr = (stderr + chunk.toString("utf8")).slice(0, MAX_OUTPUT_CHARS);
+    });
+    child.on("error", (err) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timeout);
+      reject(err);
+    });
+    child.on("close", (code) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timeout);
+      resolve({ code, stdout, stderr });
+    });
+  });

package/src/onboarding/providers.ts

@@ -1,23 +1,33 @@
-// Provider registry — single source of truth for OpenCandle's credentialed
-// third-party data providers. Every setup pathway iterates this registry:
+// Provider registry — single source of truth for OpenCandle's third-party
+// data providers. Every setup/status pathway iterates this registry:
 // first-run startup, the `/connect` command, the `tool_result` credential
-// interception handler, and the gap-note generator all read from here.
+// interception handler, GUI provider rows, doctor checks, and gap-note
+// generation all read from here.
 //
-// Adding a new credentialed provider is a two-step change: add its `ProviderId`
-// to the literal union below, and add its descriptor to the `PROVIDERS` array.
-// The `satisfies` check ensures TypeScript fails the build if the union and
-// the array ever disagree.
+// Adding a new provider is a two-step change: add its id to the relevant
+// literal union below, and add its descriptor to the `PROVIDERS` array. The
+// `satisfies` and exhaustiveness checks keep the registry and id unions aligned.
 
 import { getConfig, loadFileConfig } from "../config.js";
 
-export type ProviderId = "alpha_vantage" | "fred" | "finnhub" | "brave" | "exa";
+export type ApiKeyProviderId = "alpha_vantage" | "fred" | "finnhub" | "brave" | "exa";
+export type ExternalToolProviderId = "twitter" | "reddit";
+export type PublicHttpProviderId = "yahoo";
+export type ProviderId = ApiKeyProviderId | ExternalToolProviderId | PublicHttpProviderId;
 
-export type ProviderCategory = "fundamentals" | "macro" | "news" | "web_search";
+export type ProviderCategory =
+  | "fundamentals"
+  | "macro"
+  | "news"
+  | "web_search"
+  | "sentiment"
+  | "market";
 
 export type ProviderTier = "hard" | "soft";
 
-export interface ProviderDescriptor {
+interface BaseProviderDescriptor {
   readonly id: ProviderId;
+  readonly kind: "api-key" | "external-tool" | "public-http";
   readonly displayName: string;
   readonly category: ProviderCategory;
   /**
@@ -30,11 +40,6 @@ export interface ProviderDescriptor {
   readonly tier: ProviderTier;
   /** Lowercase friendly aliases accepted by `/connect` in addition to the id. */
   readonly aliases: readonly string[];
-  readonly signupUrl: string;
-  readonly freeTier: boolean;
-  readonly envVar: string;
-  /** Nested key path into `OpenCandleFileConfig` where the key is persisted. */
-  readonly configPath: readonly string[];
   readonly unlocks: readonly string[];
   /**
    * Human copy describing the degraded experience when missing, or `null`
@@ -45,11 +50,43 @@ export interface ProviderDescriptor {
   readonly instructionsHint: string;
 }
 
+export interface ApiKeyProviderDescriptor extends BaseProviderDescriptor {
+  readonly id: ApiKeyProviderId;
+  readonly kind: "api-key";
+  readonly signupUrl: string;
+  readonly freeTier: boolean;
+  readonly envVar: string;
+  /** Nested key path into `OpenCandleFileConfig` where the key is persisted. */
+  readonly configPath: readonly string[];
+}
+
+export interface ExternalToolProviderDescriptor extends BaseProviderDescriptor {
+  readonly id: ExternalToolProviderId;
+  readonly kind: "external-tool";
+  readonly binary: string;
+  readonly installCmd: string;
+  readonly sessionSource: "browser-cookies";
+  readonly supportedBrowsers?: readonly string[];
+  readonly sessionProbeArgs?: readonly string[];
+}
+
+export interface PublicHttpProviderDescriptor extends BaseProviderDescriptor {
+  readonly id: PublicHttpProviderId;
+  readonly kind: "public-http";
+  readonly probeUrl: string;
+}
+
+export type ProviderDescriptor =
+  | ApiKeyProviderDescriptor
+  | ExternalToolProviderDescriptor
+  | PublicHttpProviderDescriptor;
+
 // Declaration order matters: picker display order, per-workflow prompt priority,
 // getProvidersByCategory/getProvidersByTier iteration order.
 export const PROVIDERS = [
   {
     id: "alpha_vantage",
+    kind: "api-key",
     displayName: "Alpha Vantage",
     category: "fundamentals",
     tier: "hard",
@@ -70,6 +107,7 @@ export const PROVIDERS = [
   },
   {
     id: "fred",
+    kind: "api-key",
     displayName: "FRED",
     category: "macro",
     tier: "hard",
@@ -85,6 +123,7 @@ export const PROVIDERS = [
   },
   {
     id: "finnhub",
+    kind: "api-key",
     displayName: "Finnhub",
     category: "news",
     tier: "soft",
@@ -104,6 +143,7 @@ export const PROVIDERS = [
   },
   {
     id: "brave",
+    kind: "api-key",
     displayName: "Brave Search",
     category: "web_search",
     tier: "soft",
@@ -123,6 +163,7 @@ export const PROVIDERS = [
   },
   {
     id: "exa",
+    kind: "api-key",
     displayName: "Exa",
     category: "web_search",
     tier: "soft",
@@ -147,8 +188,64 @@ export const PROVIDERS = [
     snoozeDurationDays: 7,
     instructionsHint: "Paid with free tier, signup opens in your browser",
   },
+  {
+    id: "yahoo",
+    kind: "public-http",
+    displayName: "Yahoo Finance",
+    category: "market",
+    tier: "hard",
+    aliases: ["yahoo", "yahoo-finance", "market-data", "options"],
+    probeUrl: "https://query1.finance.yahoo.com/v8/finance/chart/SPY?interval=1d&range=1d",
+    unlocks: ["quotes", "historical prices", "option chains", "market data"],
+    fallbackDescription: null,
+    snoozeDurationDays: 7,
+    instructionsHint: "No account needed; OpenCandle checks public Yahoo Finance reachability",
+  },
+  {
+    id: "twitter",
+    kind: "external-tool",
+    displayName: "X / Twitter",
+    category: "sentiment",
+    tier: "soft",
+    aliases: ["twitter", "x", "x-sentiment", "twitter-sentiment"],
+    binary: "twitter",
+    installCmd: "uv tool install twitter-cli",
+    sessionSource: "browser-cookies",
+    sessionProbeArgs: ["feed", "--max", "1", "--json"],
+    supportedBrowsers: ["Chrome", "Arc", "Edge", "Firefox", "Brave"],
+    unlocks: ["X/Twitter sentiment", "recent ticker mentions", "social engagement context"],
+    fallbackDescription:
+      "Sentiment summaries continue with Reddit, web search, and news when X is unavailable",
+    snoozeDurationDays: 7,
+    instructionsHint: "Install twitter-cli and stay logged into x.com in a supported browser",
+  },
+  {
+    id: "reddit",
+    kind: "external-tool",
+    displayName: "Reddit",
+    category: "sentiment",
+    tier: "soft",
+    aliases: ["reddit", "reddit-sentiment", "subreddit"],
+    binary: "rdt",
+    installCmd: "uv tool install rdt-cli",
+    sessionSource: "browser-cookies",
+    supportedBrowsers: ["Chrome", "Arc", "Edge", "Firefox", "Brave"],
+    sessionProbeArgs: ["status", "--json"],
+    unlocks: ["Reddit sentiment", "ticker discussion context", "retail investor discussion"],
+    fallbackDescription:
+      "Sentiment summaries continue with X/Twitter, web search, and news when Reddit is unavailable",
+    snoozeDurationDays: 7,
+    instructionsHint: "Install rdt-cli and stay logged into reddit.com in a supported browser",
+  },
 ] as const satisfies readonly ProviderDescriptor[];
 
+const _providerIdExhaustivenessCheck: Record<
+  | Exclude<ProviderId, (typeof PROVIDERS)[number]["id"]>
+  | Exclude<(typeof PROVIDERS)[number]["id"], ProviderId>,
+  never
+> = {};
+void _providerIdExhaustivenessCheck;
+
 // -----------------------------------------------------------------------------
 // Lookup helpers
 // -----------------------------------------------------------------------------
@@ -169,6 +266,28 @@ export function listAllProviders(): readonly ProviderDescriptor[] {
   return PROVIDERS;
 }
 
+export function isApiKeyProvider(
+  provider: ProviderDescriptor,
+): provider is ApiKeyProviderDescriptor {
+  return provider.kind === "api-key";
+}
+
+export function isExternalToolProvider(
+  provider: ProviderDescriptor,
+): provider is ExternalToolProviderDescriptor {
+  return provider.kind === "external-tool";
+}
+
+export function isPublicHttpProvider(
+  provider: ProviderDescriptor,
+): provider is PublicHttpProviderDescriptor {
+  return provider.kind === "public-http";
+}
+
+export function listApiKeyProviders(): readonly ApiKeyProviderDescriptor[] {
+  return (PROVIDERS as readonly ProviderDescriptor[]).filter(isApiKeyProvider);
+}
+
 export function getProvider(id: ProviderId): ProviderDescriptor {
   const found = byId().get(id);
   if (!found) {
@@ -209,7 +328,7 @@ function readConfigValueByPath(
 // `hasCredential` reads from `getConfig()` so that tests mocking `getConfig`
 // see a consistent view; `getCredentialSource` reads `process.env` +
 // `loadFileConfig` directly because it needs to distinguish env from file.
-const CONFIG_FIELD_BY_ID: Record<ProviderId, keyof ReturnType<typeof getConfig>> = {
+const CONFIG_FIELD_BY_ID: Record<ApiKeyProviderId, keyof ReturnType<typeof getConfig>> = {
   alpha_vantage: "alphaVantageApiKey",
   fred: "fredApiKey",
   finnhub: "finnhubApiKey",
@@ -218,7 +337,9 @@ const CONFIG_FIELD_BY_ID: Record<ProviderId, keyof ReturnType<typeof getConfig>>
 };
 
 export function hasCredential(id: ProviderId): boolean {
-  const field = CONFIG_FIELD_BY_ID[id];
+  const descriptor = getProvider(id);
+  if (!isApiKeyProvider(descriptor)) return false;
+  const field = CONFIG_FIELD_BY_ID[descriptor.id];
   const value = getConfig()[field];
   return typeof value === "string" && value.length > 0;
 }
@@ -231,6 +352,8 @@ export function getCredential(
   id: ProviderId,
 ): { source: "env" | "file"; value: string } | { source: "absent"; value?: undefined } {
   const descriptor = getProvider(id);
+  if (!isApiKeyProvider(descriptor)) return { source: "absent" };
+
   const envValue = process.env[descriptor.envVar];
   if (envValue && envValue.length > 0) return { source: "env", value: envValue };
 
@@ -265,7 +388,14 @@ export function resolveProviderFromArgument(
   // 3. Category match: if the needle matches a category name, return the
   //    providers in that category. One match → single descriptor. Multiple
   //    matches → array (triggers the sub-picker in the /connect handler).
-  const categories: readonly ProviderCategory[] = ["fundamentals", "macro", "news", "web_search"];
+  const categories: readonly ProviderCategory[] = [
+    "fundamentals",
+    "macro",
+    "news",
+    "web_search",
+    "sentiment",
+    "market",
+  ];
   const normalizedCategory = needle.replace("-", "_");
   if ((categories as readonly string[]).includes(normalizedCategory)) {
     const group = getProvidersByCategory(normalizedCategory as ProviderCategory);

package/src/onboarding/state.ts

@@ -155,6 +155,15 @@ export function markProviderNeverAsk(state: OnboardingState, id: ProviderId): On
   };
 }
 
+export function clearProviderOnboardingEntry(
+  state: OnboardingState,
+  id: ProviderId,
+): OnboardingState {
+  const providers = { ...state.providers };
+  delete providers[id];
+  return { ...state, providers };
+}
+
 export function markWelcomeShown(state: OnboardingState): OnboardingState {
   return { ...state, welcomeShownAt: nowIso() };
 }