patina-cli 3.11.0 → 4.0.0

package/src/cli.js

@@ -8,29 +8,41 @@ import {
   toneToBackboneProfile,
 } from './loader.js';
 import { buildPrompt } from './prompt-builder.js';
-import { invokeBackendChain, selectBackendChain, listBackends, listBackendNames } from './backends/index.js';
-import { selectProvider, resolveProviderConfig, PROVIDERS } from './providers.js';
+import { invokeBackendChain, selectBackendChain, listBackends, listBackendNames, resolveBackend } from './backends/index.js';
+import { selectProvider, resolveProviderConfig } from './providers.js';
 import { validateBaseURL, applyInsecureBaseURLOptIn, applyPrivateBaseURLOptIn } from './security.js';
-import { formatOutput, validateScoreWeights } from './output.js';
-import { runMaxMode } from './max-mode.js';
+import { formatOutput, validateScoreWeights, buildDeterministicAuditBackstop } from './output.js';
 import { runOuroboros } from './ouroboros.js';
 import { interpretScore, reconcileScoreOverall, scoreDeterministicSignals } from './scoring.js';
-import { callLLM, DEFAULT_TEMPERATURE } from './api.js';
-import { createResponseCache, DEFAULT_CACHE_TTL_SECONDS } from './cache.js';
-import { buildManifest, appendResult, writeManifest, hashSha256 } from './manifest.js';
 import { runDoctor } from './commands/doctor.js';
-import { runInit } from './commands/init.js';
 import { PatinaCliError, inputError, runtimeError, renderCliError, getExitCode } from './errors.js';
-import { inspectHttpApiKeySource, providerHttpKeyEnvVars, resolveHttpApiKey } from './auth.js';
+import { providerHttpKeyEnvVars, resolveHttpApiKey } from './auth.js';
 import { createLogger } from './logger.js';
+import {
+  DEFAULT_BACKEND_TIMEOUT_MS,
+  PROMPT_SIZE_WARNING_CHARS,
+  getBackendSafety,
+  resolveBackendMaxConcurrency,
+  resolveBackendMaxRetries,
+} from './backends/contract.js';
 import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
 import { resolve, basename, extname } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { createInterface } from 'node:readline/promises';
 
 const PACKAGE_VERSION = JSON.parse(
   readFileSync(resolve(getRepoRoot(), 'package.json'), 'utf8')
 ).version;
 
+/**
+ * Run the patina CLI command dispatcher.
+ *
+ * @param {string[]} args Command-line arguments excluding node and script path.
+ * @returns {Promise<void>} Resolves after command output is written.
+ * @throws {Error} For validation, provider, file, or runtime failures.
+ * @example
+ * await main(['--help']);
+ */
 export async function main(args) {
   if (args[0] === 'auth') {
     return handleAuth(args.slice(1));
@@ -39,7 +51,11 @@ export async function main(args) {
     return runDoctor(args.slice(1), { version: PACKAGE_VERSION });
   }
   if (args[0] === 'init') {
-    return runInit(args.slice(1));
+    throw inputError(
+      'patina init was removed',
+      'patina is zero-config; use CLI flags for one-off runs or add .patina.yaml only when project defaults are needed.',
+      'Copy .patina.default.yaml to .patina.yaml and edit it manually, or pass --config <path>.'
+    );
   }
   if (args[0] === 'help') {
     printHelp();
@@ -47,7 +63,7 @@ export async function main(args) {
   }
 
   const parsed = parseArgs(args);
-  const logger = createLogger({ quiet: parsed.quiet, json: parsed.jsonLogs });
+  const logger = createLogger({ quiet: parsed.quiet });
 
   if (parsed.help) {
     printHelp();
@@ -59,17 +75,10 @@ export async function main(args) {
     return;
   }
 
-  if (parsed.models && parsed.variants && parsed.variants > 1) {
-    throw inputError(
-      '--variants is not supported with --models/MAX mode yet',
-      'MAX mode already fans out across models, so variant fan-out is ambiguous.',
-      'Omit --variants or run one model at a time.'
-    );
-  }
 
   if (parsed.gate !== undefined && !parsed.score) {
     throw inputError(
-      `${parsed.gateOption || '--gate'} can only be used with --score`,
+      '--exit-on can only be used with --score',
       'Score gates need a parsed overall score.',
       'Run `patina --score --exit-on 30 <file>`.'
     );
@@ -80,11 +89,6 @@ export async function main(args) {
     return;
   }
 
-  if (parsed.listProviders) {
-    printProviderStatus();
-    return;
-  }
-
   const configPath = parsed.config ? resolve(process.cwd(), parsed.config) : undefined;
   const config = loadConfig(configPath);
 
@@ -92,7 +96,7 @@ export async function main(args) {
   if (parsed.profile) config.profile = parsed.profile;
 
   const provider = selectProvider(parsed.provider ?? config.provider);
-  const apiKey = resolveApiKey(parsed, provider, logger);
+  const apiKey = resolveApiKey(parsed, provider);
   const resolved = resolveProviderConfig({
     provider,
     apiKey,
@@ -103,12 +107,6 @@ export async function main(args) {
   applyPrivateBaseURLOptIn(parsed);
   validateBaseURL(resolved.baseURL);
 
-  const startedAt = new Date().toISOString();
-  const manifestResults = [];
-  const manifestOutputs = [];
-  const manifestTemperature = DEFAULT_TEMPERATURE;
-  const manifestSeed = null;
-  const responseCache = resolveResponseCache(parsed);
 
   const repoRoot = getRepoRoot();
   const lang = config.language || 'ko';
@@ -134,6 +132,11 @@ export async function main(args) {
     const backbone = toneToBackboneProfile(toneResolution.tone);
     if (backbone) profileName = backbone;
   }
+  const resolvedProfileName = resolveProfileForLanguage(profileName, lang, logger);
+  if (resolvedProfileName !== profileName) {
+    profileName = resolvedProfileName;
+    config.profile = 'default';
+  }
 
   const patterns = loadPatterns(repoRoot, lang, config['skip-patterns'] || []);
   const profile = loadProfile(repoRoot, profileName);
@@ -157,197 +160,181 @@ export async function main(args) {
   }
 
   const inputTexts = await loadInputs(parsed, logger);
-  const cancellation = createCancellationController({ logger });
+  const timeoutMs = parsed.timeoutMs ?? DEFAULT_BACKEND_TIMEOUT_MS;
+  const backendSelection = parsed.ouroboros
+    ? null
+    : selectBackendChain({
+      name: parsed.backend ?? config.backend ?? (resolved.baseURLSource !== 'default' ? 'openai-http' : undefined),
+      model: resolved.model,
+      modelSource: resolved.modelSource,
+    });
+  const backends = backendSelection?.backends || [];
+  const backend = backends[0] || null;
 
-  cancellation.install();
-  try {
-    for (const { path, text } of inputTexts) {
-      cancellation.throwIfCanceled();
-      const manifestCalls = [];
-      const recordManifestCall = parsed.saveRun ? createManifestCallRecorder(manifestCalls) : null;
-      const trackedCallLLM = (parsed.saveRun || responseCache)
-        ? (args) => callLLM({
-          ...args,
-          cache: responseCache,
-          onResponse: (metadata) => {
-            args.onResponse?.(metadata);
-            recordManifestCall?.(metadata);
-          },
-        })
-        : undefined;
-      const prompt = buildPrompt({
-        config,
-        patterns,
-        profile: profile.body ? profile : null,
-        voice: voice.body ? voice : null,
-        voiceSample,
-        scoring: scoring.body ? scoring : null,
-        text,
-        mode,
-        tone: toneResolution,
-        promptMode: resolvePromptMode(
-          parsed.promptMode || config['prompt-mode'] || 'strict',
-          { backend: parsed.backend ?? config.backend, model: resolved.model }
-        ),
-        variants: parsed.variants || 1,
+  if (backendSelection) {
+    if (backendSelection.autoSelected) {
+      logger.info('backend.selected', {
+        message: `[patina] Using ${backend.name} backend (${backendSelection.reason}). Run \`patina auth status\` for details.`,
       });
+    }
+    if (backends.length > 1) {
+      logger.info('backend.chain', {
+        message: `[patina] Backend fallback chain: ${backends.map((b) => b.name).join(' → ')}`,
+      });
+    }
+    if (backend.name === 'openai-http' && !resolved.apiKey) {
+      const msg = ['No API key found. Set PATINA_API_KEY, PATINA_API_KEY_FILE, OPENAI_API_KEY, or use --api-key-file.'];
+      if (provider) {
+        msg.push(`(--provider ${provider.name} expects ${provider.apiKeyEnv} or PATINA_API_KEY.)`);
+      }
+      const codex = listBackends().find((b) => b.name === 'codex-cli');
+      if (codex && codex.available && codex.authenticated) {
+        msg.push('Or pass `--backend codex-cli` to use the codex-cli backend (no key needed).');
+      } else if (codex && codex.available && !codex.authenticated) {
+        msg.push('Or run `codex login`, then pass `--backend codex-cli`.');
+      } else if (codex && !codex.available) {
+        msg.push('Or install `codex` from https://github.com/openai/codex and pass `--backend codex-cli`.');
+      }
+      throw runtimeError(
+        'no API key found',
+        msg[0],
+        msg.slice(1).join(' ') || 'Set PATINA_API_KEY or pass --backend codex-cli after logging in.'
+      );
+    }
+  }
 
-      let result;
-
-      if (parsed.models) {
-        result = await runMaxMode({
-          prompt,
-          sourceText: text,
-          models: parsed.models,
-          apiKey: resolved.apiKey,
-          baseURL: resolved.baseURL,
-          config,
-          patterns,
-          maxConcurrency: parsed.maxConcurrency,
-          wallClockBudgetMs: parsed.maxTimeoutSeconds === undefined ? undefined : parsed.maxTimeoutSeconds * 1000,
-          callLLM: trackedCallLLM,
-          signal: cancellation.signal,
-          logger,
-        });
-      } else if (parsed.ouroboros) {
-        result = await runOuroboros({
-          config,
-          patterns,
-          profile: profile.body ? profile : null,
-          voice: voice.body ? voice : null,
-          voiceSample,
-          scoring: scoring.body ? scoring : null,
-          text,
-          apiKey: resolved.apiKey,
-          baseURL: resolved.baseURL,
-          model: resolved.model,
-          callLLM: trackedCallLLM,
-          signal: cancellation.signal,
-          logger,
-        });
-      } else {
-        const { backends, autoSelected, reason } = selectBackendChain({
-          name: parsed.backend ?? config.backend,
-          model: resolved.model,
-        });
-        const backend = backends[0];
+  const promptMode = backendSelection
+    ? resolvePromptMode({ backend: backend.name, model: resolved.model })
+    : 'strict';
+  const jobs = inputTexts.map(({ path, text }) => ({
+    path,
+    text,
+    prompt: parsed.ouroboros ? null : buildPrompt({
+      config,
+      patterns,
+      profile: profile.body ? profile : null,
+      voice: voice.body ? voice : null,
+      voiceSample,
+      scoring: scoring.body ? scoring : null,
+      text,
+      mode,
+      tone: toneResolution,
+      promptMode,
+    }),
+  }));
 
-        if (autoSelected) {
-          logger.info('backend.selected', {
-            message: `[patina] Using ${backend.name} backend (${reason}). Run \`patina auth status\` for details.`,
+  if (backendSelection) {
+    logBatchSafetyPlan({
+      jobs,
+      backends,
+      parsed,
+      promptMode,
+      timeoutMs,
+      logger,
+    });
+  }
+
+  const cancellation = createCancellationController({ logger });
+  const batchState = createBatchCircuitBreaker({ parsed, total: jobs.length });
+
+  cancellation.install();
+  try {
+    for (const { path, text, prompt } of jobs) {
+      try {
+        cancellation.throwIfCanceled();
+        let result;
+
+        if (parsed.ouroboros) {
+          result = await runOuroboros({
+            config,
+            patterns,
+            profile: profile.body ? profile : null,
+            voice: voice.body ? voice : null,
+            voiceSample,
+            scoring: scoring.body ? scoring : null,
+            text,
+            apiKey: resolved.apiKey,
+            baseURL: resolved.baseURL,
+            model: resolved.model,
+            timeout: timeoutMs,
+            signal: cancellation.signal,
+            logger,
+          });
+        } else {
+          result = await invokeBackendChain({
+            backends,
+            prompt,
+            apiKey: resolved.apiKey,
+            baseURL: resolved.baseURL,
+            model: resolved.model,
+            modelSource: resolved.modelSource,
+            signal: cancellation.signal,
+            timeout: timeoutMs,
+            maxConcurrency: parsed.maxConcurrency,
+            maxRetries: parsed.maxRetries,
+            logger,
           });
         }
-        if (backends.length > 1) {
-          logger.info('backend.chain', {
-            message: `[patina] Backend fallback chain: ${backends.map((b) => b.name).join(' → ')}`,
+        cancellation.throwIfCanceled();
+
+        if (mode === 'score' && !parsed.ouroboros) {
+          result = withDeterministicScore(result, {
+            text,
+            config,
+            repoRoot,
+            logger,
           });
         }
 
-        if (backend.name === 'openai-http' && !resolved.apiKey) {
-          const msg = ['No API key found. Set PATINA_API_KEY, PATINA_API_KEY_FILE, OPENAI_API_KEY, or pass --api-key.'];
-          if (provider) {
-            msg.push(`(--provider ${provider.name} expects ${provider.apiKeyEnv} or PATINA_API_KEY.)`);
-          }
-          const codex = listBackends().find((b) => b.name === 'codex-cli');
-          if (codex && codex.available && codex.authenticated) {
-            msg.push('Or pass `--backend codex-cli` to use the codex-cli backend (no key needed).');
-          } else if (codex && codex.available && !codex.authenticated) {
-            msg.push('Or run `codex login`, then pass `--backend codex-cli`.');
-          } else if (codex && !codex.available) {
-            msg.push('Or install `codex` from https://github.com/openai/codex and pass `--backend codex-cli`.');
+        const auditBackstop =
+          mode === 'audit' && (parsed.format ?? 'markdown') !== 'json' && !parsed.batch
+            ? buildDeterministicAuditBackstop(text, { lang, repoRoot })
+            : '';
+        let output;
+        let scoreValidationOutput = null;
+        if (parsed.ouroboros) {
+          const ouroborosBody = formatOuroborosOutput(result);
+          output = formatOutput(ouroborosBody, mode, parsed, { tone: toneResolution, logger, auditBackstop });
+          scoreValidationOutput = ouroborosBody;
+        } else {
+          output = formatOutput(result, mode, parsed, { tone: toneResolution, logger, auditBackstop });
+          if (mode === 'score') {
+            scoreValidationOutput = formatOutput(result, mode, { ...parsed, format: 'markdown' }, { logger });
           }
-          throw runtimeError(
-            'no API key found',
-            msg[0],
-            msg.slice(1).join(' ') || 'Set PATINA_API_KEY or pass --backend codex-cli after logging in.'
-          );
         }
 
-        result = await invokeBackendChain({
-          backends,
-          prompt,
-          apiKey: resolved.apiKey,
-          baseURL: resolved.baseURL,
-          model: resolved.model,
-          signal: cancellation.signal,
-          temperature: manifestTemperature,
-          seed: manifestSeed,
-          onResponse: recordManifestCall,
-          cache: responseCache,
-          logger,
-        });
-      }
-      cancellation.throwIfCanceled();
-
-      if (mode === 'score' && !parsed.models && !parsed.ouroboros) {
-        result = withDeterministicScore(result, {
-          text,
-          config,
-          repoRoot,
-          logger,
-        });
-      }
-
-      let output;
-      let scoreValidationOutput = null;
-      if (parsed.ouroboros) {
-        const ouroborosBody = formatOuroborosOutput(result);
-        output = formatOutput(ouroborosBody, mode, parsed, { tone: toneResolution, logger });
-        scoreValidationOutput = ouroborosBody;
-      } else {
-        output = formatOutput(result, mode, parsed, { tone: toneResolution, logger });
+        // v3.11 Phase 1.3: surface weight drift between config and the score
+        // table the model emitted. Warnings only — does not alter the output.
         if (mode === 'score') {
-          scoreValidationOutput = formatOutput(result, mode, { ...parsed, format: 'markdown' }, { logger });
-        }
-      }
+          const configWeights = config.ouroboros?.['category-weights']?.[lang] || {};
+          const warnings = validateScoreWeights(scoreValidationOutput || output, configWeights);
+          for (const w of warnings) {
+            logger.warn('score.weight_check', { message: `[patina] ${w}` });
+          }
 
-      // v3.11 Phase 1.3: surface weight drift between config and the score
-      // table the model emitted. Warnings only — does not alter the output.
-      if (mode === 'score') {
-        const configWeights = config.ouroboros?.['category-weights']?.[lang] || {};
-        const warnings = validateScoreWeights(scoreValidationOutput || output, configWeights);
-        for (const w of warnings) {
-          logger.warn('score.weight_check', { message: `[patina] ${w}` });
+          if (parsed.gate !== undefined) {
+            applyScoreGate(result, output, parsed.gate, logger);
+          }
         }
 
-        if (parsed.gate !== undefined) {
-          applyScoreGate(result, output, parsed.gate, logger);
+        if (parsed.batch) {
+          await writeBatchOutput(parsed, path, output);
+        } else {
+          console.log(output);
         }
-      }
-
-      if (result?.type === 'max-mode' && (result.allFailed || result.mpsFallback)) {
-        process.exitCode = Math.max(Number(process.exitCode) || 0, 4);
-      }
-
-      if (parsed.saveRun) {
-        const idx = manifestResults.length + 1;
-        const outputName = `output-${idx}.txt`;
-        appendResult(manifestResults, {
-          inputPath: path,
-          prompt,
-          response: manifestResponseText(result, output),
-          outputRef: { kind: 'file', name: outputName },
-          tokensIn: sumManifestCalls(manifestCalls, 'tokensIn'),
-          tokensOut: sumManifestCalls(manifestCalls, 'tokensOut'),
-          temperature: manifestTemperature,
-          seed: manifestSeed,
-          cost: sumManifestCallCost(manifestCalls),
-          scores: manifestScoreDetails(result),
-          iterationLog: manifestIterationLog(result),
-          calls: manifestCalls.length > 0 ? manifestCalls : undefined,
+        batchState.recordSuccess();
+      } catch (err) {
+        if (!shouldHandleBatchFailure(parsed, jobs.length)) throw err;
+        batchState.recordFailure({ path, err });
+        logger.warn('batch.file_failed', {
+          message: `[patina] batch file failed: ${path} (${batchState.failures.length}/${batchState.maxFailures} failures): ${err.message}`,
         });
-        manifestOutputs.push({ name: outputName, content: output });
-      }
-
-      if (parsed.batch) {
-        await writeBatchOutput(parsed, path, output);
-      } else {
-        console.log(output);
+        if (batchState.shouldStop()) throw batchState.toError();
       }
     }
 
-    if (responseCache) {
-      logger.info('cache.stats', { message: formatCacheStats(responseCache.stats) });
+    if (batchState.hasFailures()) {
+      throw batchState.toError({ completed: true });
     }
   } catch (err) {
     if (cancellation.signal.aborted) throw cancellationError();
@@ -357,30 +344,6 @@ export async function main(args) {
     logger.closeProgress();
   }
 
-  if (parsed.saveRun) {
-    const manifest = buildManifest({
-      patinaVersion: PACKAGE_VERSION,
-      mode,
-      lang,
-      profile: profileName,
-      provider: provider?.name,
-      backend: parsed.backend ?? config.backend ?? 'openai-http',
-      model: resolved.model,
-      configPath: configPath ?? null,
-      config,
-      patterns,
-      results: manifestResults,
-      startedAt,
-      temperature: manifestTemperature,
-      seed: manifestSeed,
-    });
-    const manifestPath = writeManifest(
-      resolve(process.cwd(), parsed.saveRun),
-      manifest,
-      manifestOutputs
-    );
-    logger.info('manifest.written', { message: `[patina] wrote manifest to ${manifestPath}` });
-  }
 }
 
 function parseArgs(args) {
@@ -451,30 +414,9 @@ function parseArgs(args) {
         parsed.format = value;
         break;
       }
-      case '--json':
-        parsed.format = 'json';
-        break;
       case '--quiet':
         parsed.quiet = true;
         break;
-      case '--json-logs':
-        parsed.jsonLogs = true;
-        break;
-      case '--gate': {
-        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
-        i++;
-        const n = Number(value);
-        if (!Number.isFinite(n) || n < 0 || n > 100) {
-          throw inputError(
-            '--gate expects a number from 0 to 100',
-            `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
-            'Use `patina --score --gate 30 <file>` for CI gates.'
-          );
-        }
-        parsed.gate = n;
-        parsed.gateOption = '--gate';
-        break;
-      }
       case '--exit-on': {
         const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
@@ -487,7 +429,6 @@ function parseArgs(args) {
           );
         }
         parsed.gate = n;
-        parsed.gateOption = '--exit-on';
         break;
       }
       case '--ouroboros':
@@ -507,56 +448,10 @@ function parseArgs(args) {
         parsed.outdir = readOptionValue(args, i, arg);
         i++;
         break;
-      case '--models':
-        parsed.models = readOptionValue(args, i, arg)
-          .split(',')
-          .map((m) => m.trim())
-          .filter(Boolean);
-        i++;
-        if (parsed.models.length === 0) {
-          throw inputError(
-            '--models expects at least one model id',
-            'The comma-separated model list was empty.',
-            'Use `--models gpt-4o,claude-3-5-sonnet`.'
-          );
-        }
-        break;
-      case '--max-concurrency': {
-        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
-        i++;
-        const n = Number(value);
-        if (!Number.isInteger(n) || n < 0) {
-          throw inputError(
-            '--max-concurrency expects a non-negative integer',
-            `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
-            'Use `--max-concurrency 2`, omit it for the safe default, or pass 0 for unlimited concurrency.'
-          );
-        }
-        parsed.maxConcurrency = n;
-        break;
-      }
-      case '--max-timeout': {
-        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
-        i++;
-        const n = Number(value);
-        if (!Number.isFinite(n) || n <= 0) {
-          throw inputError(
-            '--max-timeout expects a positive number of seconds',
-            `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
-            'Use `--max-timeout 300`, or omit it for the default 300 seconds.'
-          );
-        }
-        parsed.maxTimeoutSeconds = n;
-        break;
-      }
       case '--model':
         parsed.model = readOptionValue(args, i, arg);
         i++;
         break;
-      case '--api-key':
-        parsed.apiKey = readOptionValue(args, i, arg);
-        i++;
-        break;
       case '--api-key-file':
         parsed.apiKeyFile = readOptionValue(args, i, arg);
         i++;
@@ -572,75 +467,53 @@ function parseArgs(args) {
         parsed.backend = readOptionValue(args, i, arg);
         i++;
         break;
-      case '--list-backends':
-        parsed.listBackends = true;
-        break;
-      case '--provider':
-        parsed.provider = readOptionValue(args, i, arg);
+      case '--timeout-ms': {
+        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
+        parsed.timeoutMs = parsePositiveIntegerOption(value, arg);
         break;
-      case '--list-providers':
-        parsed.listProviders = true;
-        break;
-      case '--allow-insecure-base-url':
-        parsed.allowInsecureBaseURL = true;
-        break;
-      case '--config':
-        parsed.config = readOptionValue(args, i, arg);
+      }
+      case '--max-concurrency': {
+        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
+        parsed.maxConcurrency = parsePositiveIntegerOption(value, arg);
         break;
-      case '--save-run':
-        parsed.saveRun = readOptionValue(args, i, arg);
+      }
+      case '--max-retries': {
+        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
+        parsed.maxRetries = parseNonNegativeIntegerOption(value, arg);
         break;
-      case '--cache':
-        parsed.cacheDir = readOptionValue(args, i, arg);
+      }
+      case '--max-failures': {
+        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
+        parsed.maxFailures = parsePositiveIntegerOption(value, arg);
         break;
-      case '--cache-ttl': {
+      }
+      case '--max-failure-rate': {
         const value = readOptionValue(args, i, arg, { allowFlagLike: true });
         i++;
-        const n = Number(value);
-        if (!Number.isFinite(n) || n <= 0) {
-          throw inputError(
-            '--cache-ttl expects a positive number of seconds',
-            `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
-            'Use `--cache-ttl 86400` for a one-day response cache.'
-          );
-        }
-        parsed.cacheTtlSeconds = n;
+        parsed.maxFailureRate = parseFailureRateOption(value, arg);
         break;
       }
-      case '--no-cache':
-        parsed.noCache = true;
+      case '--stop-on-retryable-storm':
+        parsed.stopOnRetryableStorm = true;
+        break;
+      case '--list-backends':
+        parsed.listBackends = true;
         break;
-      case '--prompt-mode': {
-        const m = readOptionValue(args, i, arg);
+      case '--provider':
+        parsed.provider = readOptionValue(args, i, arg);
         i++;
-        if (!m || !['strict', 'minimal', 'auto'].includes(m)) {
-          throw inputError(
-            '--prompt-mode expects strict, minimal, or auto',
-            `Received ${m === undefined ? 'no value' : `"${m}"`}.`,
-            'Use `--prompt-mode auto` unless you need a specific prompt style.'
-          );
-        }
-        parsed.promptMode = m;
         break;
-      }
-      case '--variants': {
-        const value = readOptionValue(args, i, arg, { allowFlagLike: true });
+      case '--allow-insecure-base-url':
+        parsed.allowInsecureBaseURL = true;
+        break;
+      case '--config':
+        parsed.config = readOptionValue(args, i, arg);
         i++;
-        const n = Number(value);
-        if (!Number.isInteger(n) || n < 1 || n > 5) {
-          throw inputError(
-            '--variants expects an integer from 1 to 5',
-            `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
-            'Use `--variants 2` for alternate rewrite drafts.'
-          );
-        }
-        parsed.variants = n;
         break;
-      }
       case '--no-interactive':
         parsed.noInteractive = true;
         break;
@@ -670,6 +543,19 @@ function cancellationError() {
   });
 }
 
+/**
+ * Create a SIGINT-aware cancellation controller for long-running CLI operations.
+ *
+ * @param {object} [options] Cancellation integration points.
+ * @param {NodeJS.Process} [options.processObj=process] Process-like object used for signal listeners.
+ * @param {NodeJS.WritableStream} [options.stderr=process.stderr] Stream for fallback cancel messages.
+ * @param {object|null} [options.logger] Optional patina logger.
+ * @returns {{signal: AbortSignal, install: Function, uninstall: Function, throwIfCanceled: Function}} Controller facade.
+ * @throws {Error} Propagates validation, filesystem, network, or dependency failures when the underlying operation cannot complete.
+ * @example
+ * const cancellation = createCancellationController();
+ * cancellation.install();
+ */
 export function createCancellationController({
   processObj = process,
   stderr = process.stderr,
@@ -736,44 +622,223 @@ function readOptionValue(args, index, option, { allowFlagLike = false } = {}) {
   return value;
 }
 
-// v3.11: case-05 found that prompt-mode preference is per-backend.
-// auto resolves to strict for codex-cli/claude (instruction-rich) and
-// minimal for gemini (voice-rich, over-constrained by long prompts).
-// Explicit strict/minimal pass through unchanged.
-export function resolvePromptMode(mode, { backend, model }) {
-  if (mode !== 'auto') return mode;
+function parsePositiveIntegerOption(value, option) {
+  const n = Number(value);
+  if (!Number.isInteger(n) || n <= 0) {
+    throw inputError(
+      `${option} expects a positive integer`,
+      `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
+      `Use ${option} 1 or another whole number greater than zero.`
+    );
+  }
+  return n;
+}
+
+function parseNonNegativeIntegerOption(value, option) {
+  const n = Number(value);
+  if (!Number.isInteger(n) || n < 0) {
+    throw inputError(
+      `${option} expects a non-negative integer`,
+      `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
+      `Use ${option} 0 to disable retries, or another whole number.`
+    );
+  }
+  return n;
+}
+
+function parseFailureRateOption(value, option) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n < 0) {
+    throw inputError(
+      `${option} expects a ratio or percent`,
+      `Received ${value === undefined ? 'no value' : `"${value}"`}.`,
+      `Use ${option} 0.25 for 25%, or ${option} 25.`
+    );
+  }
+  const ratio = n > 1 ? n / 100 : n;
+  if (ratio > 1) {
+    throw inputError(
+      `${option} expects a value from 0 to 1 or 0 to 100`,
+      `Received "${value}".`,
+      `Use ${option} 0.25 for 25%, or ${option} 25.`
+    );
+  }
+  return ratio;
+}
+
+// Internal prompt style is selected from backend safety metadata. Local agent
+// CLIs use the compact rewrite prompt by default to avoid feeding large pattern
+// packs into batch-oriented agent runtimes.
+export function resolvePromptMode({ backend, model }) {
   const backendStr = (backend || '').toLowerCase();
   const modelStr = (model || '').toLowerCase();
-  if (backendStr.includes('gemini') || modelStr.includes('gemini')) return 'minimal';
-  if (modelStr.includes('claude')) return 'strict';
-  // Default for codex-cli, openai-http with gpt-* models, and anything we
-  // can't classify — strict is the conservative choice (full pattern packs).
+  if (backendStr && backendStr !== 'openai-http') return getBackendSafety(backendStr).promptMode;
+  if (modelStr.includes('gemini')) return 'minimal';
+  if (backendStr) return getBackendSafety(backendStr).promptMode;
+  if (modelStr.includes('kimi') || modelStr.includes('claude') || modelStr.includes('codex')) return 'minimal';
   return 'strict';
 }
 
-// Resolve the API key, preferring file-based sources to keep the secret out
-// of argv and shell history (CWE-214). Precedence: --api-key-file >
-// PATINA_API_KEY_FILE > --api-key (with deprecation warning) > provider/default
-// env vars.
-function resolveApiKey(parsed, provider, logger = createLogger()) {
-  const hasApiKeyFile = Boolean(parsed.apiKeyFile || process.env.PATINA_API_KEY_FILE);
-  const apiKey = resolveHttpApiKey({
-    explicitApiKey: parsed.apiKey,
+/**
+ * Resolve a profile name against language-specific profile limits.
+ *
+ * @param {string} profileName Requested profile name.
+ * @param {string} lang Active language code.
+ * @param {object} [logger] Logger with warn(event, payload).
+ * @returns {string} Effective profile name.
+ * @throws {Error} Propagates validation, filesystem, network, or dependency failures when the underlying operation cannot complete.
+ * @example
+ * resolveProfileForLanguage('namuwiki', 'en') // 'default'
+ */
+export function resolveProfileForLanguage(profileName, lang, logger = null) {
+  const effective = profileName || 'default';
+  if (effective === 'namuwiki' && lang !== 'ko') {
+    logger?.warn?.('profile.unsupported_language', {
+      message: `[patina] profile "namuwiki" is ko-only; falling back to default profile for --lang ${lang}`,
+    });
+    return 'default';
+  }
+  return effective;
+}
+
+
+// Resolve the API key from file or environment. Precedence: --api-key-file >
+// PATINA_API_KEY_FILE > provider/default env vars.
+function resolveApiKey(parsed, provider) {
+  return resolveHttpApiKey({
     apiKeyFile: parsed.apiKeyFile,
     envVars: providerHttpKeyEnvVars(provider?.apiKeyEnv),
   });
-  if (hasApiKeyFile && parsed.apiKey) {
-    logger.warn('auth.api_key_file_precedence', {
-      message: '[patina] both --api-key-file and --api-key were provided; using --api-key-file',
+}
+
+function logBatchSafetyPlan({ jobs, backends, parsed, promptMode, timeoutMs, logger }) {
+  if (!parsed.batch || jobs.length <= 1) return;
+
+  const primary = backends[0];
+  const promptSizes = jobs
+    .map((job) => typeof job.prompt === 'string' ? job.prompt.length : 0)
+    .filter((size) => size > 0);
+  const maxPromptChars = promptSizes.length > 0 ? Math.max(...promptSizes) : 0;
+  const avgPromptChars = promptSizes.length > 0
+    ? Math.round(promptSizes.reduce((sum, size) => sum + size, 0) / promptSizes.length)
+    : 0;
+  const maxConcurrency = resolveBackendMaxConcurrency(primary?.name, parsed.maxConcurrency);
+  const perFileRequests = backends.reduce(
+    (sum, item) => sum + resolveBackendMaxRetries(item.name, parsed.maxRetries) + 1,
+    0
+  );
+
+  logger.info('batch.safety_plan', {
+    message: `[patina] batch safety: files=${jobs.length}, backend=${backends.map((b) => b.name).join('→')}, prompt_mode=${promptMode}, max_concurrency=${formatLimit(maxConcurrency)}, max_retries=${resolveBackendMaxRetries(primary?.name, parsed.maxRetries)}, timeout_ms=${timeoutMs}, worst_case_requests=${jobs.length * perFileRequests}, max_prompt_chars=${maxPromptChars}, avg_prompt_chars=${avgPromptChars}`,
+  });
+
+  if (primary && getBackendSafety(primary.name).agentRuntime) {
+    logger.warn('batch.local_cli_caveat', {
+      message: `[patina] ${primary.name} is a local agent CLI, not a stateless batch completion API. Large batches should prefer an OpenAI-compatible HTTP provider when possible.`,
     });
   }
-  if (parsed.apiKey && !hasApiKeyFile) {
-    logger.warn('auth.argv_secret_warning', {
-      message: '[patina] warning: --api-key exposes the secret in shell history and `ps` output.\n' +
-        '         Prefer PATINA_API_KEY env var, --api-key-file <path>, or PATINA_API_KEY_FILE.',
+  if (maxPromptChars >= PROMPT_SIZE_WARNING_CHARS) {
+    logger.warn('batch.prompt_size', {
+      message: `[patina] largest prompt is ~${maxPromptChars.toLocaleString()} chars; failed attempts still send the full prompt.`,
     });
   }
-  return apiKey;
+}
+
+function createBatchCircuitBreaker({ parsed, total }) {
+  const active = parsed.batch && total > 1;
+  const maxFailures = active
+    ? (parsed.maxFailures ?? Math.min(10, Math.max(3, Math.ceil(total * 0.1))))
+    : Infinity;
+  const maxFailureRate = active ? (parsed.maxFailureRate ?? 0.25) : Infinity;
+  const stormEnabled = active && (parsed.stopOnRetryableStorm ?? true);
+  const stormLimit = 3;
+  const failures = [];
+  const retryableBuckets = new Map();
+  let successes = 0;
+  let processed = 0;
+  let stopReason = null;
+
+  return {
+    get failures() {
+      return failures;
+    },
+    get maxFailures() {
+      return maxFailures;
+    },
+    recordSuccess() {
+      processed++;
+      successes++;
+    },
+    recordFailure({ path, err }) {
+      processed++;
+      failures.push({ path, err });
+      const bucket = classifyRetryableStorm(err);
+      if (bucket) {
+        retryableBuckets.set(bucket, (retryableBuckets.get(bucket) || 0) + 1);
+      }
+    },
+    hasFailures() {
+      return failures.length > 0;
+    },
+    shouldStop() {
+      if (!active) return false;
+      if (failures.length >= maxFailures) {
+        stopReason = `max failures reached (${failures.length}/${maxFailures})`;
+        return true;
+      }
+      if (
+        Number.isFinite(maxFailureRate) &&
+        processed >= (parsed.maxFailureRate === undefined ? Math.min(total, 4) : 1) &&
+        failures.length / processed > maxFailureRate
+      ) {
+        stopReason = `failure rate ${(failures.length / processed * 100).toFixed(1)}% exceeded ${(maxFailureRate * 100).toFixed(1)}%`;
+        return true;
+      }
+      if (stormEnabled) {
+        for (const [bucket, count] of retryableBuckets) {
+          if (count >= stormLimit) {
+            stopReason = `retryable storm detected (${count} × ${bucket})`;
+            return true;
+          }
+        }
+      }
+      return false;
+    },
+    toError({ completed = false } = {}) {
+      const summary = failures
+        .slice(0, 5)
+        .map((failure) => `${failure.path}: ${failure.err.message}`)
+        .join(' | ');
+      const why = stopReason || (completed
+        ? `Batch completed with ${failures.length} failed file(s).`
+        : `Batch stopped after ${failures.length} failed file(s).`);
+      return runtimeError(
+        completed ? 'batch completed with failures' : 'batch circuit breaker stopped the run',
+        `${why} Successes: ${successes}/${total}. Failures: ${failures.length}/${total}.`,
+        summary || 'Fix the backend failure, lower concurrency/retries, or rerun with a smaller batch.'
+      );
+    },
+  };
+}
+
+function shouldHandleBatchFailure(parsed, total) {
+  return parsed.batch && total > 1;
+}
+
+function classifyRetryableStorm(err) {
+  const message = String(err?.message || err || '');
+  if (/\bHTTP\s+429\b/i.test(message) || err?.status === 429) return 'HTTP 429';
+  if (/\bHTTP\s+503\b/i.test(message) || err?.status === 503) return 'HTTP 503';
+  if (/Provider stream timed out/i.test(message)) return 'provider stream timeout';
+  if (/timed out/i.test(message) || err?.name === 'AbortError') return 'timeout';
+  const exit = message.match(/\bexited with code\s+(75|1)\b/i);
+  if (exit) return `exit ${exit[1]}`;
+  if (/no final response body|empty response|final-message-only/i.test(message)) return 'empty response';
+  return null;
+}
+
+function formatLimit(value) {
+  return Number.isFinite(value) ? String(value) : 'unbounded';
 }
 
 async function loadInputs(parsed, logger = createLogger()) {
@@ -868,6 +933,7 @@ async function writeBatchOutput(parsed, inputPath, output) {
   console.log(`Written: ${outPath}`);
 }
 
+
 function formatOuroborosOutput(result) {
   let output = '## Ouroboros Iteration Log\n\n';
   output += '| Iter | Before | After | Improvement | Reason |\n';
@@ -894,33 +960,31 @@ function printHelp() {
 Usage: patina [command] [options] [file...]
 
 COMMANDS
-  patina init             Create a project .patina.yaml
   patina doctor [--json]  Check Node, backends, tmux, and auth setup
   patina auth status      Show backend availability and authentication status
   patina auth login       Print per-backend authentication instructions
+  patina auth login <backend> [--yes]
+                         Launch a backend login flow after confirmation
 
 MODES
   --diff                  Show changes pattern by pattern
   --no-color              Disable ANSI colors in --diff output
   --audit                 Detect patterns only (no rewrite)
   --score                 Output AI-likeness score (0-100)
-  --gate <n>              With --score, exit 3 when overall score > n
-  --exit-on <n>           Alias for --gate, intended for CI scripts
+  --exit-on <n>           With --score, exit 3 when overall score > n
   --ouroboros             Iterative self-improvement loop
 
 OUTPUT & BATCH
   --format <fmt>          Output format: markdown (default), text, json
-  --json                  Alias for --format json
   --quiet                 Suppress patina status/warning logs on stderr
-  --json-logs             Emit stderr logs as NDJSON objects
   --batch                 Process multiple files
   --in-place              Overwrite original files (with --batch)
   --suffix <ext>          Save as {name}{ext}{extname}
   --outdir <dir>          Save results to directory
-  --save-run <dir>        Write manifest.json + output-N.txt for reproducibility
-  --cache <dir>           Opt into persistent HTTP response cache
-  --cache-ttl <sec>       Cache TTL in seconds (default: ${DEFAULT_CACHE_TTL_SECONDS})
-  --no-cache              Bypass PATINA_CACHE_DIR / --cache for a fresh run
+  --max-failures <n>      Stop batch after n failed files
+  --max-failure-rate <r>  Stop batch when failure ratio exceeds r (0.25 or 25)
+  --stop-on-retryable-storm
+                          Stop batch after repeated 429/timeouts/empty local-CLI exits
   --no-interactive        Do not wait for TTY stdin; exit 2 when no input is given
 
 LANGUAGE & PROFILE
@@ -928,32 +992,28 @@ LANGUAGE & PROFILE
   --profile <name>        Profile: default, blog, academic, technical, formal,
                           social, email, legal, medical, marketing,
                           narrative, instructional, casual-conversation,
-                          code-comment, commit-message, release-notes
+                          code-comment, commit-message, release-notes, namuwiki
   --tone <name>           Tone: casual, professional, academic, narrative,
                           marketing, instructional, auto. Resolution:
                           --tone > config tone > config profile.
   --voice-sample <path>   Use 1-3 user paragraphs as style-only voice anchors
 
 MODEL & AUTH
-  --model <id>            Single model ID (default: gpt-4o)
-  --api-key <key>         API key (DEPRECATED: leaks via ps/shell history; prefer
-                          PATINA_API_KEY env or --api-key-file)
+  --model <id>            Single model ID. Defaults use the strongest
+                          documented model per backend: openai/codex gpt-5.5,
+                          claude-sonnet-4-6, gemini-2.5-pro,
+                          kimi-code/kimi-for-coding.
   --api-key-file <path>   Read API key from file (recommended)
   --base-url <url>        API base URL (or PATINA_API_BASE env)
   --backend <name[,name]> Backend or explicit fallback chain:
                           ${backendChoices} (default: openai-http)
-  --list-backends         List available backends and their availability
-  --provider <name>       Provider preset: openai, gemini, groq, together
-  --list-providers        List provider presets and which keys are set
-  --models <list>         MAX mode: comma-separated model list
-  --max-concurrency <n>   Cap parallel MAX-mode requests (default: min(models, 3);
-                          use 0 for unlimited, which can hit free-tier quotas)
-  --max-timeout <sec>     Wall-clock budget for standalone MAX mode (default: 300)
-
+  --list-backends         List backends, selectors, default models, and auth status
+  --timeout-ms <n>        Per-request/backend timeout in milliseconds
+  --max-concurrency <n>   Cross-process backend cap (safe defaults per backend)
+  --max-retries <n>       Retry budget per backend (local CLIs default to 0)
+  --provider <name>       Provider preset: openai, gemini, groq, kimi, moonshot, together
 ADVANCED
-  --variants <n>          Generate N rewrite variants (1-5; rewrite mode only)
   --config <path>         Load config from <path> instead of .patina.default.yaml
-  --prompt-mode <m>       strict | minimal | auto. auto picks per backend.
   --allow-insecure-base-url  Permit plaintext http:// to non-localhost endpoints
   --allow-private-base-url   Permit private/IMDS base URLs
   -h, --help              Show this help message
@@ -962,16 +1022,15 @@ ADVANCED
 EXAMPLES
   echo "This is a draft." | patina --lang en --backend codex-cli
   patina --score --exit-on 30 --format json draft.md
-  patina init --defaults
   patina doctor --json
 
 ENVIRONMENT
   PATINA_API_KEY, PATINA_API_KEY_FILE, PATINA_API_BASE, PATINA_MODEL
-  PATINA_CACHE_DIR, PATINA_CACHE_TTL_SECONDS
-  OPENAI_API_KEY, GEMINI_API_KEY, GROQ_API_KEY, TOGETHER_API_KEY
+  OPENAI_API_KEY, GEMINI_API_KEY, GROQ_API_KEY, TOGETHER_API_KEY,
+  KIMI_API_KEY, MOONSHOT_API_KEY
 
 EXIT CODES
-  0 success · 1 runtime/backend · 2 input/usage · 3 score gate exceeded · 4 MAX MPS fallback/all candidates failed · 130 interrupted
+  0 success · 1 runtime/backend · 2 input/usage · 3 score gate exceeded · 130 interrupted
 
 If no API key is set, pass --backend codex-cli to use a logged-in codex CLI
 (no key required). Auto-fallback was removed in v3.9 to keep agent-mode
@@ -1001,144 +1060,12 @@ function withDeterministicScore(rawResult, { text, config, repoRoot, logger }) {
   };
 }
 
-function manifestScoreDetails(result) {
-  if (!result || typeof result !== 'object') return null;
-  if (!result.llmScore && !result.deterministicScore && !result.scorePreference) return null;
-  return {
-    llm: result.llmScore ?? null,
-    deterministic: result.deterministicScore ?? null,
-    preference: result.scorePreference ?? null,
-  };
-}
-
-function resolveResponseCache(parsed) {
-  if (parsed.noCache) return null;
-  const dir = parsed.cacheDir ?? process.env.PATINA_CACHE_DIR;
-  if (!dir) return null;
 
-  const ttlSeconds =
-    parsed.cacheTtlSeconds ??
-    parseOptionalPositiveNumber(process.env.PATINA_CACHE_TTL_SECONDS, 'PATINA_CACHE_TTL_SECONDS') ??
-    DEFAULT_CACHE_TTL_SECONDS;
-
-  return createResponseCache({
-    dir: resolve(process.cwd(), dir),
-    ttlSeconds,
-  });
-}
-
-function parseOptionalPositiveNumber(value, name) {
-  if (value === undefined || value === null || value === '') return null;
-  const n = Number(value);
-  if (!Number.isFinite(n) || n <= 0) {
-    throw inputError(
-      `${name} expects a positive number of seconds`,
-      `Received "${value}".`,
-      `Set ${name}=86400 or omit it for the default.`
-    );
-  }
-  return n;
-}
-
-function formatCacheStats(stats) {
-  const expired = stats.expired ? `, expired ${stats.expired}` : '';
-  const errors = stats.errors ? `, errors ${stats.errors}` : '';
-  return `[patina] cache hits ${stats.hits}, misses ${stats.misses}, writes ${stats.writes}${expired}${errors}`;
-}
-
-function createManifestCallRecorder(calls) {
-  return (metadata = {}) => {
-    calls.push({
-      provider: metadata.provider ?? null,
-      model: metadata.model ?? null,
-      requestedModel: metadata.requestedModel ?? null,
-      temperature: metadata.temperature ?? null,
-      seed: metadata.seed ?? null,
-      responseHash: hashSha256(metadata.content),
-      tokensIn: extractUsageToken(metadata.usage, ['prompt_tokens', 'input_tokens', 'tokens_in']),
-      tokensOut: extractUsageToken(metadata.usage, ['completion_tokens', 'output_tokens', 'tokens_out']),
-      cost: extractResponseCost(metadata.rawResponse, metadata.usage),
-      cache: metadata.cache ?? null,
-    });
-  };
-}
-
-function extractUsageToken(usage, keys) {
-  if (!usage || typeof usage !== 'object') return null;
-  for (const key of keys) {
-    const value = Number(usage[key]);
-    if (Number.isFinite(value)) return value;
-  }
-  return null;
-}
-
-function extractResponseCost(rawResponse, fallbackUsage) {
-  const usage = rawResponse?.usage && typeof rawResponse.usage === 'object'
-    ? rawResponse.usage
-    : (fallbackUsage && typeof fallbackUsage === 'object' ? fallbackUsage : {});
-  const candidates = [
-    ['usage.cost_usd', usage.cost_usd, 'USD'],
-    ['usage.total_cost_usd', usage.total_cost_usd, 'USD'],
-    ['usage.cost', usage.cost, usage.currency],
-    ['usage.total_cost', usage.total_cost, usage.currency],
-    ['cost_usd', rawResponse?.cost_usd, 'USD'],
-    ['cost', rawResponse?.cost, rawResponse?.currency],
-  ];
-
-  for (const [source, value, currency] of candidates) {
-    const amount = Number(value);
-    if (Number.isFinite(amount)) {
-      return {
-        amount,
-        currency: currency || 'USD',
-        source,
-      };
-    }
-  }
-  return null;
-}
-
-function manifestResponseText(result, output) {
-  if (result?.type === 'max-mode') return result.best?.result ?? output;
-  if (typeof result?.finalText === 'string') return result.finalText;
-  if (typeof result?.raw === 'string') return result.raw;
-  if (typeof result === 'string') return result;
-  return output;
-}
-
-function manifestIterationLog(result) {
-  return Array.isArray(result?.log) ? result.log : null;
-}
-
-function sumManifestCalls(calls, key) {
-  const values = calls
-    .map((call) => call[key])
-    .filter((value) => value !== null && value !== undefined)
-    .map((value) => Number(value))
-    .filter((value) => Number.isFinite(value));
-  if (values.length === 0) return null;
-  return values.reduce((sum, value) => sum + value, 0);
-}
-
-function sumManifestCallCost(calls) {
-  const costs = calls
-    .map((call) => call.cost)
-    .filter((cost) => cost && Number.isFinite(Number(cost.amount)));
-  if (costs.length === 0) return null;
-
-  const currency = costs[0].currency || 'USD';
-  if (!costs.every((cost) => (cost.currency || 'USD') === currency)) return null;
-  return {
-    amount: costs.reduce((sum, cost) => sum + Number(cost.amount), 0),
-    currency,
-    source: 'sum',
-  };
-}
 
 function applyScoreGate(result, output, gate, logger = createLogger()) {
   const overall = extractScoreOverall(result, output);
   if (overall === null) {
-    throw new Error('--gate could not find a numeric `overall` value in --score output.');
+    throw new Error('score gate could not find a numeric `overall` value in --score output.');
   }
   if (overall > gate) {
     logger.warn('score.gate_failed', { message: `[patina] score gate failed: overall ${overall} > ${gate}` });
@@ -1189,71 +1116,63 @@ function printBackendStatus() {
   const list = listBackends();
   const rows = list.map((b) => ({
     name: b.name,
+    kind: b.kind,
+    selectWith: b.selectWith,
+    defaultModel: b.defaultModel || '-',
     available: b.available ? 'yes' : 'no',
     authenticated: b.authenticated ? 'yes' : 'no',
-    note: b.authenticated ? '' : b.authHint,
+    note: `${backendSafetyNote(b)} ${backendStatusNote(b)}`.trim(),
   }));
   const widths = {
     name: Math.max('Backend'.length, ...rows.map((r) => r.name.length)),
+    kind: Math.max('Kind'.length, ...rows.map((r) => r.kind.length)),
+    selectWith: Math.max('Select with'.length, ...rows.map((r) => r.selectWith.length)),
+    defaultModel: Math.max('Default model'.length, ...rows.map((r) => r.defaultModel.length)),
     available: Math.max('Available'.length, ...rows.map((r) => r.available.length)),
     authenticated: Math.max('Authenticated'.length, ...rows.map((r) => r.authenticated.length)),
   };
   const pad = (s, w) => s + ' '.repeat(Math.max(0, w - s.length));
   console.log(
-    `${pad('Backend', widths.name)}  ${pad('Available', widths.available)}  ${pad('Authenticated', widths.authenticated)}  Notes`
+    `${pad('Backend', widths.name)}  ${pad('Kind', widths.kind)}  ${pad('Select with', widths.selectWith)}  ${pad('Default model', widths.defaultModel)}  ${pad('Available', widths.available)}  ${pad('Authenticated', widths.authenticated)}  Notes`
   );
   console.log(
-    `${'-'.repeat(widths.name)}  ${'-'.repeat(widths.available)}  ${'-'.repeat(widths.authenticated)}  -----`
+    `${'-'.repeat(widths.name)}  ${'-'.repeat(widths.kind)}  ${'-'.repeat(widths.selectWith)}  ${'-'.repeat(widths.defaultModel)}  ${'-'.repeat(widths.available)}  ${'-'.repeat(widths.authenticated)}  -----`
   );
   for (const r of rows) {
     console.log(
-      `${pad(r.name, widths.name)}  ${pad(r.available, widths.available)}  ${pad(r.authenticated, widths.authenticated)}  ${r.note}`
+      `${pad(r.name, widths.name)}  ${pad(r.kind, widths.kind)}  ${pad(r.selectWith, widths.selectWith)}  ${pad(r.defaultModel, widths.defaultModel)}  ${pad(r.available, widths.available)}  ${pad(r.authenticated, widths.authenticated)}  ${r.note}`
     );
   }
 }
 
-function printProviderStatus() {
-  const rows = Object.values(PROVIDERS).map((p) => ({
-    name: p.name,
-    free: p.freeTier ? 'yes' : 'no',
-    keySource: providerKeySource(p),
-    providerEnv: process.env[p.apiKeyEnv] ? 'set' : 'missing',
-    note: `${p.apiKeyEnv} → ${p.baseURL}`,
-  }));
-  const widths = {
-    name: Math.max('Provider'.length, ...rows.map((r) => r.name.length)),
-    free: Math.max('Free tier'.length, ...rows.map((r) => r.free.length)),
-    keySource: Math.max('Key source'.length, ...rows.map((r) => r.keySource.length)),
-    providerEnv: Math.max('Provider env'.length, ...rows.map((r) => r.providerEnv.length)),
-  };
-  const pad = (s, w) => s + ' '.repeat(Math.max(0, w - s.length));
-  console.log(
-    `${pad('Provider', widths.name)}  ${pad('Free tier', widths.free)}  ${pad('Key source', widths.keySource)}  ${pad('Provider env', widths.providerEnv)}  Notes`
-  );
-  console.log(
-    `${'-'.repeat(widths.name)}  ${'-'.repeat(widths.free)}  ${'-'.repeat(widths.keySource)}  ${'-'.repeat(widths.providerEnv)}  -----`
-  );
-  for (const r of rows) {
-    console.log(
-      `${pad(r.name, widths.name)}  ${pad(r.free, widths.free)}  ${pad(r.keySource, widths.keySource)}  ${pad(r.providerEnv, widths.providerEnv)}  ${r.note}`
-    );
+function backendStatusNote(backend) {
+  if (!backend.available) return backend.installHint || backend.authHint;
+  if (backend.name === 'openai-http') return backend.authHint;
+  if (backend.authenticated && backend.name === 'gemini-cli' && backend.authHint.startsWith('Authenticated via ')) {
+    return backend.authHint;
   }
+  if (backend.authenticated) return 'ready';
+  if (backend.loginCommand) return `${backend.authHint} Use \`patina auth login ${backend.name}\` for the guided flow.`;
+  return backend.authHint;
 }
 
-function providerKeySource(provider) {
-  const source = inspectHttpApiKeySource({
-    envVars: providerHttpKeyEnvVars(provider.apiKeyEnv),
-  });
-  return source.ok ? source.source : 'missing';
+function backendSafetyNote(backend) {
+  return `cap=${formatLimit(backend.maxConcurrency)}, retries=${backend.maxRetries}, prompt=${backend.promptMode};`;
 }
 
-function handleAuth(subArgs) {
+async function handleAuth(subArgs) {
   const sub = subArgs[0] || 'status';
   if (sub === 'status') {
     printBackendStatus();
     return;
   }
   if (sub === 'login') {
+    const parsed = parseAuthLoginArgs(subArgs.slice(1));
+    if (parsed.backendName) {
+      await runAuthLogin(parsed);
+      return;
+    }
+
     console.log('To authenticate a backend, follow the per-backend instructions:\n');
     for (const b of listBackends()) {
       const status = b.authenticated ? '✓ already authenticated' : '✗ not authenticated';
@@ -1265,10 +1184,101 @@ function handleAuth(subArgs) {
   throw inputError(
     `unknown auth subcommand ${sub}`,
     'Supported auth subcommands are status and login.',
-    'Try `patina auth status` or `patina auth login`.'
+    'Try `patina auth status`, `patina auth login`, or `patina auth login codex-cli`.'
   );
 }
 
+function parseAuthLoginArgs(args) {
+  let assumeYes = false;
+  let backendName = null;
+
+  for (const arg of args) {
+    if (arg === '--yes' || arg === '-y') {
+      assumeYes = true;
+      continue;
+    }
+    if (arg.startsWith('-')) {
+      throw inputError(
+        `unknown auth login option ${arg}`,
+        'Only --yes/-y is supported for non-interactive confirmation.',
+        'Run `patina auth login <backend> --yes` or omit --yes to confirm interactively.'
+      );
+    }
+    if (backendName) {
+      throw inputError(
+        'auth login expects at most one backend',
+        `Received both ${backendName} and ${arg}.`,
+        `Available backends are: ${listBackendNames().join(', ')}.`
+      );
+    }
+    backendName = arg;
+  }
+
+  return { backendName, assumeYes };
+}
+
+async function runAuthLogin({ backendName, assumeYes }) {
+  const backend = resolveBackend(backendName);
+  if (typeof backend.login !== 'function') {
+    throw inputError(
+      `${backend.name} does not support interactive login`,
+      backend.authHint ? backend.authHint() : 'This backend authenticates outside local CLI OAuth.',
+      'Set PATINA_API_KEY, PATINA_API_KEY_FILE, or the provider-specific API key env var for HTTP backends.'
+    );
+  }
+
+  if (!backend.isAvailable()) {
+    throw runtimeError(
+      `${backend.name} CLI is not installed or not on PATH`,
+      backend.installHint || backend.authHint(),
+      'Install the CLI named above, then rerun this command.'
+    );
+  }
+
+  const commandLabel = backend.loginCommand || backend.name;
+  const confirmed = await confirmAuthLogin(commandLabel, { assumeYes });
+  if (!confirmed) {
+    console.log('Cancelled.');
+    return;
+  }
+
+  const wasAuthenticated = backend.isAuthenticated();
+  await backend.login();
+  const authenticated = backend.isAuthenticated();
+
+  if (authenticated) {
+    console.log(`${backend.name}: authenticated.`);
+  } else if (wasAuthenticated) {
+    console.log(`${backend.name}: login command completed; previous authentication is still present.`);
+  } else {
+    console.log(`${backend.name}: login command completed, but patina could not confirm authentication yet.`);
+    console.log(`→ ${backend.authHint()}`);
+  }
+}
+
+async function confirmAuthLogin(commandLabel, { assumeYes = false } = {}) {
+  if (assumeYes) {
+    console.log(`Run ${commandLabel}? yes (--yes)`);
+    return true;
+  }
+
+  if (!process.stdin.isTTY) {
+    throw inputError(
+      `cannot confirm ${commandLabel} in a non-interactive session`,
+      'patina will not launch an interactive OAuth flow without explicit confirmation.',
+      `Rerun with \`patina auth login <backend> --yes\` if you intentionally want to start ${commandLabel}.`
+    );
+  }
+
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const answer = await rl.question(`Run ${commandLabel}? [Y/n] `);
+    return answer.trim() === '' || /^y(es)?$/i.test(answer.trim());
+  } finally {
+    rl.close();
+  }
+}
+
 // Self-invocation guard (#113): when run directly via `node src/cli.js ...`,
 // run main(). When imported (e.g. by bin/patina.js or tests), just expose
 // the exports.