orcommit 1.2.21 → 1.2.23

package/README.md

@@ -1,181 +1,217 @@
 # ORCommit
 
-### AI-powered Git commits with security, standards, and full control
+### AI-powered git commit messages — secure, conventional, multi-provider
 
 <p align="center">
   <img src="https://unpkg.com/orcommit@latest/preview.png" alt="ORCommit Banner" width="600" />
 </p>
 
-> Generate **accurate, conventional, and secure** git commit messages using **OpenAI, Claude, OpenRouter, or local models (Ollama)**.
-
 ```bash
 git add .
 orc commit
 ```
 
-✔ Conventional Commits
-✔ Secret scanning (Gitleaks)
-✔ Cloud & local AI
-✔ Zero-config to start
+ORCommit reads your staged diff and writes a clean, [Conventional Commit](https://www.conventionalcommits.org/) message for you — using OpenRouter, OpenAI, a local model (Ollama), or any OpenAI-compatible API. It scans for secrets before committing, so you don't leak keys into git history.
 
 <p align="center">
   <a href="https://badge.fury.io/js/orcommit"><img src="https://badge.fury.io/js/orcommit.svg" alt="npm version"></a>
-  <a href="https://github.com/ellerbrock/typescript-badges/"><img src="https://badges.frapsoft.com/typescript/code/typescript.svg?v=101" alt="TypeScript"></a>
   <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
 </p>
 
 ---
 
-## TL;DR
+## Install
 
-**ORCommit** is a production-grade CLI that:
+```bash
+npm install -g orcommit
+```
 
-* analyzes your staged git diff
-* generates a high-quality commit message via LLMs
-* enforces Conventional Commits
-* blocks secrets and dependency folders **before** commit
-* works with both **cloud and local** AI models
+> **Never use `sudo npm install -g`.** A root-owned install breaks every later
+> update with `EACCES`. If the install asks for elevated permissions, fix your
+> npm prefix once (no sudo ever again):
+>
+> ```bash
+> mkdir -p ~/.npm-global
+> npm config set prefix ~/.npm-global
+> echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> ~/.zshrc
+> source ~/.zshrc
+> ```
 
-If you care about **clean history, security, and standards** — this tool is for you.
+Update with `npm install -g orcommit@latest`. ORCommit tells you when a new
+version exists — it never auto-installs and never asks for sudo.
 
 ---
 
-## ✨ Key Features
+## Setup (60 seconds)
 
-### 🤖 AI Providers
+Pick a provider and give it a key.
 
-* OpenRouter (200+ models — Gemini, Claude, GPT, and more)
-* OpenAI (GPT‑4o, GPT‑4o‑mini)
-* Local models via **Ollama** (offline & private)
+**OpenRouter** (recommended — 200+ models, one key):
 
-Sensible defaults out of the box: `google/gemini-2.5-flash-lite` on OpenRouter
-(cheap, fast, great structured output) and `gpt-4o-mini` on OpenAI.
+```bash
+orc config set openrouter YOUR_API_KEY
+```
 
-### 🧠 Smart Commit Generation
+**OpenAI:**
 
-* **Schema-constrained output** — the model is forced to return valid structured
-  JSON (json_schema / constrained decoding), so responses don't need brittle parsing
-* **Grounded in your diff** — messages describe only what the diff actually shows,
-  no invented or boilerplate changes
-* Token-aware diff chunking (large repos supported)
-* Interactive regeneration with feedback
-* Custom prompts & project context
-* Conventional Commits by default
+```bash
+orc config set openai YOUR_API_KEY
+```
+
+Then commit:
+
+```bash
+git add .
+orc commit
+```
 
-### 🔐 Security by Default
+That's it. **Whichever provider you configure last becomes the active one** —
+configure a key (or a custom provider), and it's immediately used. You normally
+keep just one active provider and never think about it.
 
-* Secret scanning via **Gitleaks** (100+ patterns)
-* Blocks API keys, tokens, private keys
-* Prevents committing `node_modules/`, `vendor/`, etc.
-* Secure API key storage (600 permissions)
+---
 
-### ⚙️ Git-Native Workflow
+## How it works
 
-* Breaking change detection
-* Optional push after commit
-* Git hooks support
+When you run `orc commit`, ORCommit:
 
-### ⚡ Fast & Reliable
+1. **Reads** your staged diff (`git add` first — it only looks at staged changes).
+2. **Scans** it for secrets with Gitleaks. If it finds an API key, token, or
+   private key, it **stops** — nothing is committed.
+3. **Sends** the diff to your AI provider, which returns a structured commit
+   message (schema-constrained JSON, so no brittle text parsing).
+4. **Shows** you the message. You confirm, regenerate with feedback, or edit it.
+5. **Commits** (and optionally pushes).
 
-* Per-repository memory + disk cache (no cross-project message bleed)
-* Parallel API calls
-* Strict TypeScript + comprehensive tests
+Large diffs are chunked automatically, and messages are cached per-repository so
+the same diff isn't re-billed.
 
 ---
 
-## 🚀 Quick Start
+## Everyday commands
 
 ```bash
-npm install -g orcommit
-orc config set openrouter YOUR_API_KEY
-
-git add .
-orc commit
+orc commit                  # interactive — review before committing
+orc commit -y               # auto-confirm, skip the prompt
+orc commit -p openai        # use a specific provider for this commit
+orc commit --dry-run        # generate the message, don't commit
+orc commit --context "..."  # give the AI extra context
+orc commit --emoji          # gitmoji style
+orc commit --breaking       # mark as a breaking change
 ```
 
-That’s it.
+| Command | What it does |
+|---|---|
+| `orc commit` | Generate and create a commit |
+| `orc config` | Manage providers and settings |
+| `orc test [provider]` | Check a provider's connection works |
+| `orc doctor` | Diagnose install / PATH / update problems |
+| `orc cache` | Manage the commit-message cache |
 
-> **Don't use `sudo npm install -g`.** A root-owned global install creates files
-> that break every later (non-sudo) update with `EACCES`. If `npm install -g`
-> asks for elevated permissions, your npm prefix is system-owned — fix it once
-> with a user-owned prefix (no sudo ever again):
->
-> ```bash
-> mkdir -p ~/.npm-global
-> npm config set prefix ~/.npm-global
-> echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> ~/.zshrc
-> source ~/.zshrc
-> ```
+Full flag list: `orc commit --help`.
+
+---
+
+## Managing providers
 
-### Updating
+See everything that's configured:
 
 ```bash
-npm install -g orcommit@latest
+orc config get              # all providers + the current default
+orc config path             # where the config file lives
 ```
 
-orc also tells you when a newer version is available. It never auto-installs and
-never asks for sudo.
+Set or change a key / model on an existing provider:
 
-### Troubleshooting
+```bash
+orc config set <provider> <api-key>
+orc config model <provider> <model>
+```
 
-If `orc` reports the wrong version, won't update, or you suspect duplicate
-installs, run the built-in diagnostic — it inspects your npm prefix, every `orc`
-on your `PATH`, and the installed-vs-latest version, then prints exact fixes:
+Add **any OpenAI-compatible endpoint** as a custom provider:
 
 ```bash
-orc doctor
+orc config provider <name> \
+  --base-url <url> \
+  --key <api-key> \
+  --model <model> \
+  --auth-header <header>   # optional — default: Authorization
+  --auth-scheme <scheme>   # optional — default: Bearer (pass "" to send the key raw)
 ```
 
----
+> Custom providers **must** set `--model`. ORCommit only ships default models for
+> the built-in `openrouter` and `openai` providers — it can't guess a third
+> party's catalog.
 
-## 🛠 Common Commands
+Use a provider for one commit, or remove it:
 
 ```bash
-orc commit                 # interactive commit
-orc commit --yes           # auto-confirm
-orc commit --context "..." # extra context
-orc commit --emoji         # gitmoji
-orc commit --breaking      # breaking change
-orc commit --dry-run       # preview only
-orc doctor                 # diagnose install / PATH / update issues
+orc commit -p <name>
+orc config remove-provider <name>     # can't remove the current default — switch first
 ```
 
-👉 [Full CLI reference](https://github.com/markolofsen/openrouter-commit/blob/main/docs/cli.md)
+### Switching the active provider
 
----
+Configuring a provider already makes it active, so usually there's nothing to
+do. To switch back to an already-configured provider (e.g. your default ran out
+of credit and you want to use another one you'd set up earlier):
 
-## 🔐 Security Highlights
+```bash
+orc config default <name>
+```
 
-ORCommit includes **mandatory security checks**:
+Or pass `-p <name>` on a single commit without changing the active provider.
 
-* 🔍 Secret scanning via **Gitleaks**
-* 🚫 Blocks API keys, tokens, private keys
-* 🚫 Prevents committing dependency folders
+Removing the active provider automatically falls back to another configured one
+— you never end up with the default pointing at a provider that's gone.
 
-These checks run **before** commit creation and cannot be bypassed accidentally.
+---
 
-👉 [Security details](https://github.com/markolofsen/openrouter-commit/blob/main/docs/security.md)
+## Example: a custom provider (cmdop)
 
----
+[cmdop](https://cmdop.com)'s router is OpenAI-compatible but authenticates with
+an `X-API-Key` header (not `Authorization: Bearer`) and uses model aliases like
+`@cheap` / `@fast` / `@balanced` / `@smart`:
 
-## 💡 Who Is ORCommit For?
+```bash
+orc config provider cmdop \
+  --base-url https://router.cmdop.com/v1 \
+  --key YOUR_CMDOP_API_KEY \
+  --model @fast \
+  --auth-header X-API-Key
 
-* **Teams** — enforce commit standards automatically
-* **Open Source** — keep contribution quality high
-* **Enterprise** — prevent leaks and ensure compliance
+orc commit -p cmdop
+```
+
+This adds an entry to `~/.config/orcommit.json`:
+
+```json
+{
+  "providers": {
+    "cmdop": {
+      "baseUrl": "https://router.cmdop.com/v1",
+      "apiKey": "YOUR_CMDOP_API_KEY",
+      "model": "@fast",
+      "authHeader": "X-API-Key"
+    }
+  }
+}
+```
+
+Because `authHeader` isn't `Authorization`, the key is sent **raw** (no `Bearer`
+prefix). For endpoints that use bearer auth with a non-standard scheme, use
+`--auth-scheme` instead.
 
 ---
 
-## ⚙️ Configuration
+## Configuration
 
-Config is stored at `~/.config/orcommit.json` (permissions `600`).
+Config lives at `~/.config/orcommit.json` (permissions `600`). A minimal file:
 
 ```json
 {
   "providers": {
-    "openrouter": {
-      "model": "google/gemini-2.5-flash-lite"
-    }
+    "openrouter": { "model": "google/gemini-2.5-flash-lite" }
   },
   "preferences": {
     "defaultProvider": "openrouter",
@@ -186,47 +222,42 @@ Config is stored at `~/.config/orcommit.json` (permissions `600`).
 ```
 
 > A low `temperature` (default `0.3`) keeps messages grounded in the actual diff
-> and avoids drifting into generic, memorized phrasings.
+> instead of drifting into generic phrasing.
 
-Environment variables are also supported:
+API keys can also come from the environment:
 
 ```bash
 export OPENROUTER_API_KEY="your-key"
 export OPENAI_API_KEY="your-key"
 ```
 
----
-
-## 📚 Documentation
-
-* [CLI Reference](https://github.com/markolofsen/openrouter-commit/blob/main/docs/cli.md)
-* [Security Model](https://github.com/markolofsen/openrouter-commit/blob/main/docs/security.md)
-* [Architecture](https://github.com/markolofsen/openrouter-commit/blob/main/docs/architecture.md)
-* [Advanced Usage](https://github.com/markolofsen/openrouter-commit/blob/main/docs/advanced.md)
+Defaults out of the box: `google/gemini-2.5-flash-lite` on OpenRouter (cheap,
+fast, good structured output) and `gpt-4o-mini` on OpenAI.
 
 ---
 
-## 🤝 Contributing
+## Troubleshooting
 
-1. Fork the repository
-2. Create a feature branch
-3. Add tests
-4. Submit a pull request
+| Problem | Fix |
+|---|---|
+| `402 Insufficient credits` | Your provider is out of credit. Top up, switch with `orc config default <name>`, or commit once via `-p <name>`. |
+| Wrong version / won't update / duplicate installs | Run `orc doctor`. |
+| Provider not responding | Run `orc test <provider>` to check the connection. |
 
 ---
 
-## 🏢 About the Maintainers
+## Documentation
 
-ORCommit is built and maintained by **[Reforms.ai](https://reforms.ai)** — a team specializing in AI-powered developer tools.
-
-Commercial support, consulting, and custom AI integrations are available.
+* [CLI Reference](https://github.com/markolofsen/openrouter-commit/blob/main/docs/cli.md)
+* [Security Model](https://github.com/markolofsen/openrouter-commit/blob/main/docs/security.md)
+* [Architecture](https://github.com/markolofsen/openrouter-commit/blob/main/docs/architecture.md)
+* [Advanced Usage](https://github.com/markolofsen/openrouter-commit/blob/main/docs/advanced.md)
 
 ---
 
-## 📄 License
+## About
 
-MIT License — see [LICENSE](LICENSE).
-
----
+ORCommit is built and maintained by **[Reforms.ai](https://reforms.ai)**.
+Commercial support and custom AI integrations are available.
 
-Built with ❤️ using TypeScript and modern AI tooling.
+MIT License — see [LICENSE](LICENSE).

package/dist/cli.d.ts

@@ -25,6 +25,18 @@ declare class CliApplication {
      * Handle model configuration command
      */
     private handleConfigModel;
+    /**
+     * Handle full custom-provider configuration in one call
+     */
+    private handleConfigProvider;
+    /**
+     * Handle removing a configured provider
+     */
+    private handleConfigRemoveProvider;
+    /**
+     * Handle setting the active (default) provider
+     */
+    private handleConfigDefault;
     /**
      * Handle custom prompt configuration
      */
@@ -61,12 +73,15 @@ declare class CliApplication {
      * Validate commit type
      */
     private validateCommitType;
+    private static readonly PROVIDER_NAME_RE;
     /**
-     * Validate provider
+     * Validate provider name (commander option parser). Accepts any
+     * syntactically valid provider identifier.
      */
     private validateProvider;
     /**
-     * Check if provider is valid
+     * Check whether a provider name is syntactically valid (not whether it is
+     * one of the built-ins — any registered provider is allowed).
      */
     private isValidProvider;
     /**

package/dist/cli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiBA;;GAEG;AACH,cAAM,cAAc;IAClB,OAAO,CAAC,OAAO,CAAU;;IAQzB;;OAEG;IACH,OAAO,CAAC,aAAa;IAoJrB;;OAEG;YACW,mBAAmB;IAwBjC;;OAEG;YACW,eAAe;IAgB7B;;OAEG;YACW,eAAe;IA0C7B;;OAEG;YACW,iBAAiB;IAgB/B;;OAEG;YACW,kBAAkB;IAkBhC;;OAEG;YACW,iBAAiB;IA+B/B;;OAEG;YACW,mBAAmB;IAYjC;;OAEG;YACW,eAAe;IAQ7B;;OAEG;YACW,gBAAgB;IAmB9B;;OAEG;YACW,gBAAgB;IAc9B;;OAEG;YACW,kBAAkB;IAchC;;OAEG;YACW,eAAe;IAgB7B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAa1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;IACG,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAqC3B;AASD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiBA;;GAEG;AACH,cAAM,cAAc;IAClB,OAAO,CAAC,OAAO,CAAU;;IAQzB;;OAEG;IACH,OAAO,CAAC,aAAa;IA8KrB;;OAEG;YACW,mBAAmB;IAwBjC;;OAEG;YACW,eAAe;IAgB7B;;OAEG;YACW,eAAe;IAmD7B;;OAEG;YACW,iBAAiB;IAgB/B;;OAEG;YACW,oBAAoB;IA0BlC;;OAEG;YACW,0BAA0B;IAgBxC;;OAEG;YACW,mBAAmB;IAgBjC;;OAEG;YACW,kBAAkB;IAkBhC;;OAEG;YACW,iBAAiB;IA+B/B;;OAEG;YACW,mBAAmB;IAYjC;;OAEG;YACW,eAAe;IAQ7B;;OAEG;YACW,gBAAgB;IAmB9B;;OAEG;YACW,gBAAgB;IAc9B;;OAEG;YACW,kBAAkB;IAchC;;OAEG;YACW,eAAe;IAgB7B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAsB;IAE9D;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;IACG,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAqC3B;AASD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/cli.js

@@ -40,7 +40,7 @@ class CliApplication {
             // NOTE: no -v short flag here — -v is reserved program-wide for --version.
             .option('--verbose', 'Enable verbose logging', false)
             .option('-w, --watch', 'Watch for changes and auto-generate commits', false)
-            .option('-p, --provider <provider>', 'Specify AI provider (openrouter|openai)', this.validateProvider)
+            .option('-p, --provider <provider>', 'Specify AI provider (any configured provider)', this.validateProvider)
             // Extended formatting options
             .option('--emoji', 'Include emoji in commit message', false)
             .option('--one-line', 'Generate single-line commit message', false)
@@ -69,7 +69,7 @@ class CliApplication {
             .description('Manage configuration settings');
         configCmd
             .command('set <provider> <key>')
-            .description('Set API key for provider (openrouter|openai)')
+            .description('Set API key for a provider (creates it if new)')
             .action(async (provider, key) => {
             await this.handleConfigSet(provider, key);
         });
@@ -85,6 +85,29 @@ class CliApplication {
             .action(async (provider, model) => {
             await this.handleConfigModel(provider, model);
         });
+        configCmd
+            .command('provider <name>')
+            .description('Configure a custom provider (baseUrl, key, model, auth header)')
+            .option('--base-url <url>', 'API base URL (e.g. https://router.cmdop.com/v1)')
+            .option('--key <key>', 'API key')
+            .option('--model <model>', 'Default model (e.g. @fast)')
+            .option('--auth-header <header>', "Auth header name (default 'Authorization'; use 'X-API-Key' for cmdop)")
+            .option('--auth-scheme <scheme>', "Scheme prefix for Authorization header (default 'Bearer'; pass empty to send raw)")
+            .action(async (name, opts) => {
+            await this.handleConfigProvider(name, opts);
+        });
+        configCmd
+            .command('remove-provider <name>')
+            .description('Remove a configured provider')
+            .action(async (name) => {
+            await this.handleConfigRemoveProvider(name);
+        });
+        configCmd
+            .command('default <name>')
+            .description('Set the active (default) provider')
+            .action(async (name) => {
+            await this.handleConfigDefault(name);
+        });
         configCmd
             .command('prompt [text]')
             .description('Set or clear custom system prompt (omit text to clear)')
@@ -182,7 +205,7 @@ class CliApplication {
     async handleConfigSet(provider, key) {
         try {
             if (!this.isValidProvider(provider)) {
-                logger.error(`Invalid provider: ${provider}. Must be 'openrouter' or 'openai'`);
+                logger.error(`Invalid provider name: ${provider}`);
                 process.exit(1);
             }
             await configManager.setApiKey(provider, key);
@@ -201,32 +224,38 @@ class CliApplication {
             const config = await configManager.load();
             if (provider) {
                 if (!this.isValidProvider(provider)) {
-                    logger.error(`Invalid provider: ${provider}. Must be 'openrouter' or 'openai'`);
+                    logger.error(`Invalid provider name: ${provider}`);
                     process.exit(1);
                 }
-                const providerKey = provider;
-                const maskedKey = await configManager.getMaskedApiKey(providerKey);
-                const model = config.providers[providerKey].model || 'default';
+                const maskedKey = await configManager.getMaskedApiKey(provider);
+                const providerConfig = config.providers[provider];
+                const model = providerConfig?.model || 'default';
                 logger.table({
                     Provider: provider,
                     'API Key': maskedKey,
                     Model: model,
+                    'Base URL': providerConfig?.baseUrl || 'default',
+                    'Auth Header': providerConfig?.authHeader || 'Authorization',
                 });
             }
             else {
-                // Show all configuration
-                const openrouterKey = await configManager.getMaskedApiKey('openrouter');
-                const openaiKey = await configManager.getMaskedApiKey('openai');
-                logger.table({
+                // Show all configuration — iterate over every configured provider.
+                const providers = await configManager.listProviders();
+                const table = {
                     'Default Provider': config.preferences.defaultProvider,
-                    'OpenRouter API Key': openrouterKey,
-                    'OpenAI API Key': openaiKey,
-                    'Max Tokens': config.preferences.maxTokens,
-                    'Temperature': config.preferences.temperature,
-                    'Auto Confirm': config.preferences.autoConfirm,
-                    'Language': config.preferences.language,
-                    'Format': config.preferences.commitFormat,
-                });
+                };
+                for (const name of providers) {
+                    const maskedKey = await configManager.getMaskedApiKey(name);
+                    const model = config.providers[name]?.model || 'default';
+                    table[`${name} API Key`] = maskedKey;
+                    table[`${name} Model`] = model;
+                }
+                table['Max Tokens'] = config.preferences.maxTokens;
+                table['Temperature'] = config.preferences.temperature;
+                table['Auto Confirm'] = config.preferences.autoConfirm;
+                table['Language'] = config.preferences.language;
+                table['Format'] = config.preferences.commitFormat;
+                logger.table(table);
             }
         }
         catch (error) {
@@ -240,7 +269,7 @@ class CliApplication {
     async handleConfigModel(provider, model) {
         try {
             if (!this.isValidProvider(provider)) {
-                logger.error(`Invalid provider: ${provider}. Must be 'openrouter' or 'openai'`);
+                logger.error(`Invalid provider name: ${provider}`);
                 process.exit(1);
             }
             await configManager.setModel(provider, model);
@@ -251,6 +280,63 @@ class CliApplication {
             process.exit(1);
         }
     }
+    /**
+     * Handle full custom-provider configuration in one call
+     */
+    async handleConfigProvider(name, opts) {
+        try {
+            if (!this.isValidProvider(name)) {
+                logger.error(`Invalid provider name: ${name}`);
+                process.exit(1);
+            }
+            await configManager.setProvider(name, {
+                baseUrl: opts.baseUrl,
+                apiKey: opts.key,
+                model: opts.model,
+                authHeader: opts.authHeader,
+                authScheme: opts.authScheme,
+            });
+            logger.success(`Provider '${name}' configured`);
+        }
+        catch (error) {
+            logger.error('Failed to configure provider', error);
+            process.exit(1);
+        }
+    }
+    /**
+     * Handle removing a configured provider
+     */
+    async handleConfigRemoveProvider(name) {
+        try {
+            if (!this.isValidProvider(name)) {
+                logger.error(`Invalid provider name: ${name}`);
+                process.exit(1);
+            }
+            await configManager.removeProvider(name);
+            logger.success(`Provider '${name}' removed`);
+        }
+        catch (error) {
+            logger.error('Failed to remove provider', error);
+            process.exit(1);
+        }
+    }
+    /**
+     * Handle setting the active (default) provider
+     */
+    async handleConfigDefault(name) {
+        try {
+            if (!this.isValidProvider(name)) {
+                logger.error(`Invalid provider name: ${name}`);
+                process.exit(1);
+            }
+            await configManager.setDefaultProvider(name);
+            logger.success(`Active provider set to '${name}'`);
+        }
+        catch (error) {
+            logger.error('Failed to set default provider', error);
+            process.exit(1);
+        }
+    }
     /**
      * Handle custom prompt configuration
      */
@@ -281,7 +367,7 @@ class CliApplication {
             const config = await configManager.load();
             const testProvider = provider || config.preferences.defaultProvider;
             if (!this.isValidProvider(testProvider)) {
-                logger.error(`Invalid provider: ${testProvider}. Must be 'openrouter' or 'openai'`);
+                logger.error(`Invalid provider name: ${testProvider}`);
                 process.exit(1);
             }
             const progress = logger.startProgress(`Testing ${testProvider} connection...`);
@@ -406,20 +492,26 @@ class CliApplication {
         }
         return value;
     }
+    // Syntactically valid provider name: non-empty, alphanumerics, dashes,
+    // underscores. Provider is now an open dictionary, so this is a soft-format
+    // check, not a whitelist of two literals.
+    static PROVIDER_NAME_RE = /^[a-zA-Z0-9_-]+$/;
     /**
-     * Validate provider
+     * Validate provider name (commander option parser). Accepts any
+     * syntactically valid provider identifier.
      */
     validateProvider(value) {
-        if (value !== 'openrouter' && value !== 'openai') {
-            throw new Error(`Invalid provider: ${value}. Must be 'openrouter' or 'openai'`);
+        if (!value || !CliApplication.PROVIDER_NAME_RE.test(value)) {
+            throw new Error(`Invalid provider name: ${value}`);
         }
         return value;
     }
     /**
-     * Check if provider is valid
+     * Check whether a provider name is syntactically valid (not whether it is
+     * one of the built-ins — any registered provider is allowed).
      */
     isValidProvider(provider) {
-        return provider === 'openrouter' || provider === 'openai';
+        return Boolean(provider) && CliApplication.PROVIDER_NAME_RE.test(provider);
     }
     /**
      * Run the CLI application