whale-code 6.4.0

package/dist/server/handlers/llm-providers.d.ts

@@ -0,0 +1,6 @@
+import type { SupabaseClient } from "@supabase/supabase-js";
+export declare function handleLLM(sb: SupabaseClient, args: Record<string, unknown>, storeId?: string): Promise<{
+    success: boolean;
+    data?: unknown;
+    error?: string;
+}>;

package/dist/server/handlers/llm-providers.js

@@ -0,0 +1,673 @@
+// server/handlers/llm-providers.ts — Multi-provider LLM with automatic failover
+// Providers: Anthropic, OpenAI, Google, AWS Bedrock, Ollama (local)
+import Anthropic from "@anthropic-ai/sdk";
+import OpenAI from "openai";
+import { GoogleGenAI } from "@google/genai";
+import { BedrockRuntimeClient, InvokeModelCommand } from "@aws-sdk/client-bedrock-runtime";
+import { MODELS } from "../../shared/constants.js";
+// ============================================================================
+// STATIC MODEL LISTS
+// ============================================================================
+const ANTHROPIC_MODELS = [
+    { model_id: "claude-sonnet-4-6", name: "Claude Sonnet 4.6", context_window: 200000 },
+    { model_id: "claude-opus-4-6", name: "Claude Opus 4.6", context_window: 200000 },
+    { model_id: "claude-sonnet-4-5-20250929", name: "Claude Sonnet 4.5", context_window: 200000 },
+    { model_id: "claude-sonnet-4-20250514", name: "Claude Sonnet 4", context_window: 200000 },
+    { model_id: "claude-haiku-4-5-20251001", name: "Claude Haiku 4.5", context_window: 200000 },
+    { model_id: "claude-3-5-sonnet-20241022", name: "Claude 3.5 Sonnet", context_window: 200000 },
+];
+const OPENAI_MODELS = [
+    { model_id: "gpt-4o", name: "GPT-4o", context_window: 128000 },
+    { model_id: "gpt-4o-mini", name: "GPT-4o Mini", context_window: 128000 },
+    { model_id: "gpt-4-turbo", name: "GPT-4 Turbo", context_window: 128000 },
+    { model_id: "o1", name: "o1", context_window: 200000 },
+    { model_id: "o1-mini", name: "o1-mini", context_window: 128000 },
+    { model_id: "o3-mini", name: "o3-mini", context_window: 200000 },
+];
+const BEDROCK_MODELS = [
+    { model_id: "anthropic.claude-sonnet-4-6", name: "Claude Sonnet 4.6 (Bedrock)", context_window: 200000 },
+    { model_id: "us.anthropic.claude-sonnet-4-20250514-v1:0", name: "Claude Sonnet 4 (Bedrock)", context_window: 200000 },
+    { model_id: "us.anthropic.claude-sonnet-4-5-20250929-v1:0", name: "Claude Sonnet 4.5 (Bedrock)", context_window: 200000 },
+    { model_id: "us.anthropic.claude-haiku-4-5-20251001-v1:0", name: "Claude Haiku 4.5 (Bedrock)", context_window: 200000 },
+    { model_id: "us.anthropic.claude-3-5-haiku-20241022-v1:0", name: "Claude 3.5 Haiku (Bedrock)", context_window: 200000 },
+    { model_id: "us.meta.llama3-1-70b-instruct-v1:0", name: "Llama 3.1 70B (Bedrock)", context_window: 128000 },
+    { model_id: "us.amazon.nova-pro-v1:0", name: "Amazon Nova Pro (Bedrock)", context_window: 300000 },
+];
+const GOOGLE_MODELS = [
+    { model_id: "gemini-3-pro-preview", name: "Gemini 3 Pro", context_window: 1048576 },
+    { model_id: "gemini-3-flash-preview", name: "Gemini 3 Flash", context_window: 1048576 },
+    { model_id: "gemini-2.5-pro", name: "Gemini 2.5 Pro", context_window: 1048576 },
+    { model_id: "gemini-2.5-flash", name: "Gemini 2.5 Flash", context_window: 1048576 },
+    { model_id: "gemini-2.5-flash-lite", name: "Gemini 2.5 Flash Lite", context_window: 1048576 },
+    { model_id: "gemini-2.0-flash", name: "Gemini 2.0 Flash", context_window: 1048576 },
+    { model_id: "gemini-2.0-flash-lite", name: "Gemini 2.0 Flash Lite", context_window: 1048576 },
+];
+const OLLAMA_MODELS = [
+    { model_id: "llama3.2", name: "Llama 3.2 (local)", context_window: 128000 },
+    { model_id: "mistral", name: "Mistral (local)", context_window: 32000 },
+    { model_id: "codellama", name: "Code Llama (local)", context_window: 16000 },
+    { model_id: "phi3", name: "Phi-3 (local)", context_window: 128000 },
+];
+// ============================================================================
+// CLIENT CACHE — reuse SDK clients to leverage internal connection pooling
+// ============================================================================
+const clientCache = new Map();
+const CLIENT_CACHE_TTL = 300_000; // 5 minutes
+function getCachedClient(provider, apiKey, createFn) {
+    const key = `${provider}:${apiKey.slice(-8)}`;
+    const cached = clientCache.get(key);
+    if (cached && Date.now() - cached.createdAt < CLIENT_CACHE_TTL)
+        return cached.client;
+    const client = createFn();
+    clientCache.set(key, { client, createdAt: Date.now() });
+    // LRU eviction: drop oldest entry if cache grows too large
+    if (clientCache.size > 20) {
+        const oldest = clientCache.keys().next().value;
+        if (oldest)
+            clientCache.delete(oldest);
+    }
+    return client;
+}
+// ============================================================================
+// CREDENTIAL CACHE — avoid repeated DB round-trips for the same store
+// ============================================================================
+const credentialCache = new Map();
+const CREDENTIAL_CACHE_TTL = 60_000; // 1 minute
+// ============================================================================
+// CREDENTIAL RESOLUTION
+// ============================================================================
+async function getCredentials(sb, storeId) {
+    // Check credential cache first
+    const cacheKey = `creds:${storeId}`;
+    const cached = credentialCache.get(cacheKey);
+    if (cached && Date.now() < cached.expiresAt)
+        return cached.data;
+    const creds = await _fetchCredentials(sb, storeId);
+    // Cache for CREDENTIAL_CACHE_TTL
+    credentialCache.set(cacheKey, { data: creds, expiresAt: Date.now() + CREDENTIAL_CACHE_TTL });
+    // LRU eviction: drop oldest entry if cache grows too large
+    if (credentialCache.size > 50) {
+        const oldest = credentialCache.keys().next().value;
+        if (oldest)
+            credentialCache.delete(oldest);
+    }
+    return creds;
+}
+async function _fetchCredentials(sb, storeId) {
+    const creds = {};
+    // Anthropic — available via process.env on the server
+    const anthropicKey = process.env.ANTHROPIC_API_KEY;
+    if (anthropicKey) {
+        creds.anthropic = { apiKey: anthropicKey };
+    }
+    // OpenAI — from user_tool_secrets (encrypted)
+    try {
+        const { data: openaiKey } = await sb.rpc("decrypt_secret", { p_name: "OPENAI_API_KEY", p_store_id: storeId });
+        if (openaiKey) {
+            creds.openai = { apiKey: openaiKey };
+        }
+    }
+    catch { /* not configured */ }
+    // Google AI — from user_tool_secrets (encrypted)
+    try {
+        const { data: googleKey } = await sb.rpc("decrypt_secret", { p_name: "GOOGLE_AI_API_KEY", p_store_id: storeId });
+        if (googleKey) {
+            creds.google = { apiKey: googleKey };
+        }
+    }
+    catch { /* not configured */ }
+    // AWS Bedrock — from user_tool_secrets
+    try {
+        const [accessKeyRes, secretKeyRes, regionRes] = await Promise.all([
+            sb.rpc("decrypt_secret", { p_name: "AWS_ACCESS_KEY_ID", p_store_id: storeId }),
+            sb.rpc("decrypt_secret", { p_name: "AWS_SECRET_ACCESS_KEY", p_store_id: storeId }),
+            sb.rpc("decrypt_secret", { p_name: "AWS_REGION", p_store_id: storeId }),
+        ]);
+        if (accessKeyRes.data && secretKeyRes.data) {
+            creds.bedrock = {
+                accessKeyId: accessKeyRes.data,
+                secretAccessKey: secretKeyRes.data,
+                region: regionRes.data || "us-east-1",
+            };
+        }
+    }
+    catch { /* not configured */ }
+    // P1 FIX: Only check Ollama when explicitly enabled (saves +2s on every credential load in prod)
+    if (process.env.OLLAMA_ENABLED === "true") {
+        try {
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), 2000);
+            const resp = await fetch("http://localhost:11434/api/version", { signal: controller.signal });
+            clearTimeout(timer);
+            if (resp.ok) {
+                creds.ollama = { available: true };
+            }
+        }
+        catch { /* not available */ }
+    }
+    return creds;
+}
+// ============================================================================
+// PROVIDER IMPLEMENTATIONS
+// ============================================================================
+const PROVIDER_TIMEOUT_MS = 120_000;
+async function callAnthropic(apiKey, prompt, model, maxTokens, temperature, systemPrompt) {
+    const client = getCachedClient("anthropic", apiKey, () => new Anthropic({ apiKey }));
+    const selectedModel = model || MODELS.SONNET;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), PROVIDER_TIMEOUT_MS);
+    try {
+        const resp = await client.messages.create({
+            model: selectedModel,
+            max_tokens: maxTokens,
+            temperature,
+            ...(systemPrompt ? { system: systemPrompt } : {}),
+            messages: [{ role: "user", content: prompt }],
+        }, { signal: controller.signal });
+        clearTimeout(timer);
+        const text = resp.content
+            .filter((b) => b.type === "text")
+            .map((b) => b.text)
+            .join("\n");
+        return {
+            provider: "anthropic",
+            model: selectedModel,
+            text,
+            tokens: {
+                input: resp.usage.input_tokens,
+                output: resp.usage.output_tokens,
+            },
+        };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        throw err;
+    }
+}
+async function callOpenAI(apiKey, prompt, model, maxTokens, temperature, systemPrompt) {
+    const client = getCachedClient("openai", apiKey, () => new OpenAI({ apiKey }));
+    const selectedModel = model || "gpt-4o";
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), PROVIDER_TIMEOUT_MS);
+    try {
+        const messages = [];
+        if (systemPrompt) {
+            messages.push({ role: "system", content: systemPrompt });
+        }
+        messages.push({ role: "user", content: prompt });
+        const resp = await client.chat.completions.create({
+            model: selectedModel,
+            max_tokens: maxTokens,
+            temperature,
+            messages,
+        }, { signal: controller.signal });
+        clearTimeout(timer);
+        const text = resp.choices[0]?.message?.content || "";
+        return {
+            provider: "openai",
+            model: selectedModel,
+            text,
+            tokens: {
+                input: resp.usage?.prompt_tokens || 0,
+                output: resp.usage?.completion_tokens || 0,
+            },
+        };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        throw err;
+    }
+}
+async function callGoogle(apiKey, prompt, model, maxTokens, temperature, systemPrompt) {
+    const client = getCachedClient("google", apiKey, () => new GoogleGenAI({ apiKey }));
+    const selectedModel = model || "gemini-2.5-flash";
+    // Thinking models (Pro/2.5+) use thinking tokens that count against maxOutputTokens.
+    // Enforce a minimum of 2048 so thinking doesn't consume the entire budget.
+    const isThinkingModel = /pro|2\.5|3-/.test(selectedModel);
+    const effectiveMaxTokens = isThinkingModel ? Math.max(maxTokens, 2048) : maxTokens;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), PROVIDER_TIMEOUT_MS);
+    try {
+        const response = await client.models.generateContent({
+            model: selectedModel,
+            contents: prompt,
+            config: {
+                maxOutputTokens: effectiveMaxTokens,
+                temperature,
+                ...(systemPrompt ? { systemInstruction: systemPrompt } : {}),
+                abortSignal: controller.signal,
+            },
+        });
+        clearTimeout(timer);
+        const text = response.text ?? "";
+        const usage = response.usageMetadata;
+        return {
+            provider: "google",
+            model: selectedModel,
+            text,
+            tokens: {
+                input: usage?.promptTokenCount || 0,
+                output: usage?.candidatesTokenCount || 0,
+            },
+        };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        throw err;
+    }
+}
+async function callBedrock(accessKeyId, secretAccessKey, region, prompt, model, maxTokens, temperature, systemPrompt) {
+    const client = getCachedClient(`bedrock:${region || "us-east-1"}`, accessKeyId, () => new BedrockRuntimeClient({
+        region: region || "us-east-1",
+        credentials: { accessKeyId, secretAccessKey },
+    }));
+    const selectedModel = model || "us.anthropic.claude-3-5-haiku-20241022-v1:0";
+    // P1 FIX: Detect model family and format body accordingly
+    const isAnthropicModel = /anthropic|claude/i.test(selectedModel);
+    const isTitanModel = /titan/i.test(selectedModel);
+    const isLlama = /llama|meta/i.test(selectedModel);
+    const isMistral = /mistral/i.test(selectedModel);
+    let body;
+    if (isAnthropicModel) {
+        body = JSON.stringify({
+            anthropic_version: "bedrock-2023-05-31",
+            max_tokens: maxTokens,
+            temperature,
+            ...(systemPrompt ? { system: systemPrompt } : {}),
+            messages: [{ role: "user", content: prompt }],
+        });
+    }
+    else if (isTitanModel) {
+        body = JSON.stringify({
+            inputText: systemPrompt ? `${systemPrompt}\n\n${prompt}` : prompt,
+            textGenerationConfig: { maxTokenCount: maxTokens, temperature },
+        });
+    }
+    else if (isLlama || isMistral) {
+        body = JSON.stringify({
+            prompt: systemPrompt ? `<s>[INST] ${systemPrompt}\n\n${prompt} [/INST]` : `<s>[INST] ${prompt} [/INST]`,
+            max_gen_len: maxTokens,
+            temperature,
+        });
+    }
+    else {
+        console.warn(`[bedrock] Unknown model family for "${selectedModel}", defaulting to Anthropic format`);
+        body = JSON.stringify({
+            anthropic_version: "bedrock-2023-05-31",
+            max_tokens: maxTokens,
+            temperature,
+            ...(systemPrompt ? { system: systemPrompt } : {}),
+            messages: [{ role: "user", content: prompt }],
+        });
+    }
+    const command = new InvokeModelCommand({
+        modelId: selectedModel,
+        contentType: "application/json",
+        accept: "application/json",
+        body: new TextEncoder().encode(body),
+    });
+    // AbortController for timeout
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), PROVIDER_TIMEOUT_MS);
+    try {
+        const resp = await client.send(command, { abortSignal: controller.signal });
+        clearTimeout(timer);
+        const respBody = JSON.parse(new TextDecoder().decode(resp.body));
+        // P1 FIX: Parse response based on model family
+        let text;
+        let inputTokens;
+        let outputTokens;
+        if (isAnthropicModel) {
+            text = respBody.content?.[0]?.text || "";
+            inputTokens = respBody.usage?.input_tokens || 0;
+            outputTokens = respBody.usage?.output_tokens || 0;
+        }
+        else if (isTitanModel) {
+            text = respBody.results?.[0]?.outputText || "";
+            inputTokens = respBody.inputTextTokenCount || 0;
+            outputTokens = respBody.results?.[0]?.tokenCount || 0;
+        }
+        else if (isLlama || isMistral) {
+            text = respBody.generation || "";
+            inputTokens = respBody.prompt_token_count || 0;
+            outputTokens = respBody.generation_token_count || 0;
+        }
+        else {
+            text = respBody.content?.[0]?.text || respBody.generation || respBody.results?.[0]?.outputText || "";
+            inputTokens = respBody.usage?.input_tokens || 0;
+            outputTokens = respBody.usage?.output_tokens || 0;
+        }
+        return {
+            provider: "bedrock",
+            model: selectedModel,
+            text,
+            tokens: { input: inputTokens, output: outputTokens },
+        };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        throw err;
+    }
+}
+async function callOllama(prompt, model, systemPrompt) {
+    const selectedModel = model || "llama3.2";
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), PROVIDER_TIMEOUT_MS);
+    try {
+        const resp = await fetch("http://localhost:11434/api/generate", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                model: selectedModel,
+                prompt,
+                ...(systemPrompt ? { system: systemPrompt } : {}),
+                stream: false,
+            }),
+            signal: controller.signal,
+        });
+        clearTimeout(timer);
+        if (!resp.ok) {
+            const errText = await resp.text();
+            throw new Error(`Ollama HTTP ${resp.status}: ${errText.substring(0, 200)}`);
+        }
+        const data = await resp.json();
+        return {
+            provider: "ollama",
+            model: selectedModel,
+            text: data.response || "",
+            tokens: {
+                input: data.prompt_eval_count || 0,
+                output: data.eval_count || 0,
+            },
+        };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        throw err;
+    }
+}
+// ============================================================================
+// OUTPUT SANITIZATION
+// ============================================================================
+/**
+ * Strip markdown code fences that wrap the entire LLM response.
+ * Models frequently ignore "no code fences" instructions and wrap HTML/JSON/etc.
+ * in ```lang ... ``` — this breaks downstream consumers (e.g. email HTML body).
+ * Only strips when fences wrap the ENTIRE response (not inline code blocks).
+ */
+function stripCodeFences(text) {
+    const trimmed = text.trim();
+    // Match opening ```<optional-lang>\n and closing \n```
+    const match = trimmed.match(/^```[\w]*\s*\n([\s\S]*?)\n\s*```\s*$/);
+    return match ? match[1] : trimmed;
+}
+// ============================================================================
+// FAILOVER LOGIC
+// ============================================================================
+const FAILOVER_ORDER = ["anthropic", "openai", "google", "bedrock", "ollama"];
+// Model ownership: which provider does a given model belong to?
+const MODEL_PROVIDER_MAP = {};
+for (const m of ANTHROPIC_MODELS)
+    MODEL_PROVIDER_MAP[m.model_id] = "anthropic";
+for (const m of OPENAI_MODELS)
+    MODEL_PROVIDER_MAP[m.model_id] = "openai";
+for (const m of GOOGLE_MODELS)
+    MODEL_PROVIDER_MAP[m.model_id] = "google";
+for (const m of BEDROCK_MODELS)
+    MODEL_PROVIDER_MAP[m.model_id] = "bedrock";
+for (const m of OLLAMA_MODELS)
+    MODEL_PROVIDER_MAP[m.model_id] = "ollama";
+/** Returns true if the error is transient and worth retrying on the same provider */
+function isRetryableError(err) {
+    if (err instanceof Error) {
+        const msg = err.message || "";
+        // HTTP status codes that are transient
+        if (/\b(429|503|529)\b/.test(msg))
+            return true;
+        // Network errors
+        if (/ECONNRESET|ETIMEDOUT|ENOTFOUND|socket hang up/i.test(msg))
+            return true;
+        // Abort / timeout from our AbortController
+        if (msg.includes("aborted") || msg.includes("timeout"))
+            return true;
+        // Check for status property on the error (e.g. Anthropic SDK errors)
+        const statusErr = err;
+        if (statusErr.status && [429, 503, 529].includes(statusErr.status))
+            return true;
+    }
+    return false;
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Resolve the model to use for a given provider, clearing it if it doesn't belong to that provider */
+function resolveModelForProvider(model, targetProvider) {
+    if (!model)
+        return undefined;
+    const ownerProvider = MODEL_PROVIDER_MAP[model];
+    // If the model belongs to the target provider, use it as-is
+    if (ownerProvider === targetProvider)
+        return model;
+    // Otherwise, let the provider use its default
+    return undefined;
+}
+async function completeWithFailover(creds, prompt, model, provider, maxTokens, temperature, systemPrompt) {
+    // Defense-in-depth: cap max_tokens even if caller didn't
+    const MAX_TOKENS_CEILING = 16384;
+    const cappedMaxTokens = Math.min(maxTokens, MAX_TOKENS_CEILING);
+    const providers = provider ? [provider] : FAILOVER_ORDER;
+    const errors = [];
+    for (const p of providers) {
+        // Resolve model: use original if it belongs to this provider, otherwise let provider default
+        const effectiveModel = resolveModelForProvider(model, p);
+        // Attempt up to 2 tries (initial + 1 retry for transient errors)
+        for (let attempt = 0; attempt < 2; attempt++) {
+            try {
+                switch (p) {
+                    case "anthropic": {
+                        if (!creds.anthropic) {
+                            errors.push("anthropic: no API key configured");
+                            break;
+                        }
+                        const result = await callAnthropic(creds.anthropic.apiKey, prompt, effectiveModel, cappedMaxTokens, temperature, systemPrompt);
+                        result.text = stripCodeFences(result.text);
+                        return { success: true, data: result };
+                    }
+                    case "openai": {
+                        if (!creds.openai) {
+                            errors.push("openai: no API key configured");
+                            break;
+                        }
+                        const result = await callOpenAI(creds.openai.apiKey, prompt, effectiveModel, cappedMaxTokens, temperature, systemPrompt);
+                        result.text = stripCodeFences(result.text);
+                        return { success: true, data: result };
+                    }
+                    case "google": {
+                        if (!creds.google) {
+                            errors.push("google: no API key configured");
+                            break;
+                        }
+                        const result = await callGoogle(creds.google.apiKey, prompt, effectiveModel, cappedMaxTokens, temperature, systemPrompt);
+                        result.text = stripCodeFences(result.text);
+                        return { success: true, data: result };
+                    }
+                    case "bedrock": {
+                        if (!creds.bedrock) {
+                            errors.push("bedrock: no AWS credentials configured");
+                            break;
+                        }
+                        const result = await callBedrock(creds.bedrock.accessKeyId, creds.bedrock.secretAccessKey, creds.bedrock.region, prompt, effectiveModel, cappedMaxTokens, temperature, systemPrompt);
+                        result.text = stripCodeFences(result.text);
+                        return { success: true, data: result };
+                    }
+                    case "ollama": {
+                        if (!creds.ollama?.available) {
+                            errors.push("ollama: local server not available");
+                            break;
+                        }
+                        const result = await callOllama(prompt, effectiveModel, systemPrompt);
+                        result.text = stripCodeFences(result.text);
+                        return { success: true, data: result };
+                    }
+                    default:
+                        errors.push(`${p}: unknown provider`);
+                }
+                // If we hit a break (no credentials), skip retry and move to next provider
+                break;
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                if (attempt === 0 && isRetryableError(err)) {
+                    // Retry the same provider once after a short delay
+                    console.warn(`[llm-failover] ${p} transient error (attempt ${attempt + 1}), retrying in 1.5s:`, msg);
+                    await sleep(1500);
+                    continue;
+                }
+                errors.push(`${p}: ${msg}`);
+                console.error(`[llm-failover] ${p} failed (attempt ${attempt + 1}):`, msg);
+                // Break out of retry loop, move to next provider
+                break;
+            }
+        }
+    }
+    return {
+        success: false,
+        error: `All providers failed. ${errors.join(" | ")}`,
+    };
+}
+// ============================================================================
+// HANDLER
+// ============================================================================
+export async function handleLLM(sb, args, storeId) {
+    const action = args.action;
+    if (!storeId) {
+        return { success: false, error: "store_id is required for LLM provider operations" };
+    }
+    switch (action) {
+        // ================================================================
+        // COMPLETE — send a completion request with failover
+        // ================================================================
+        case "complete": {
+            const prompt = args.prompt;
+            if (!prompt) {
+                return { success: false, error: "prompt is required for complete action" };
+            }
+            // P1 FIX: Cap prompt size to prevent unbounded input token costs
+            const MAX_PROMPT_CHARS = 500_000; // ~125K tokens at 4 chars/token
+            if (prompt.length > MAX_PROMPT_CHARS) {
+                return { success: false, error: `Prompt too large: ${(prompt.length / 1000).toFixed(0)}K chars (max ${MAX_PROMPT_CHARS / 1000}K)` };
+            }
+            const model = args.model;
+            const provider = args.provider;
+            // P1 FIX: Cap max_tokens at 16384 to prevent runaway cost
+            const maxTokens = Math.min(args.max_tokens || 1024, 16384);
+            const temperature = args.temperature ?? 0.7;
+            const systemPrompt = args.system;
+            if (provider && !FAILOVER_ORDER.includes(provider)) {
+                return { success: false, error: `Invalid provider: ${provider}. Must be one of: ${FAILOVER_ORDER.join(", ")}` };
+            }
+            const creds = await getCredentials(sb, storeId);
+            return completeWithFailover(creds, prompt, model, provider, maxTokens, temperature, systemPrompt);
+        }
+        // ================================================================
+        // LIST_MODELS — list available models across configured providers
+        // ================================================================
+        case "list_models": {
+            const creds = await getCredentials(sb, storeId);
+            const models = [];
+            if (creds.anthropic) {
+                models.push(...ANTHROPIC_MODELS.map((m) => ({ provider: "anthropic", ...m })));
+            }
+            if (creds.openai) {
+                models.push(...OPENAI_MODELS.map((m) => ({ provider: "openai", ...m })));
+            }
+            if (creds.google) {
+                models.push(...GOOGLE_MODELS.map((m) => ({ provider: "google", ...m })));
+            }
+            if (creds.bedrock) {
+                models.push(...BEDROCK_MODELS.map((m) => ({ provider: "bedrock", ...m })));
+            }
+            if (creds.ollama?.available) {
+                // Try to get actual installed models from Ollama
+                try {
+                    const controller = new AbortController();
+                    const timer = setTimeout(() => controller.abort(), 3000);
+                    const resp = await fetch("http://localhost:11434/api/tags", { signal: controller.signal });
+                    clearTimeout(timer);
+                    if (resp.ok) {
+                        const data = await resp.json();
+                        if (data.models?.length) {
+                            models.push(...data.models.map((m) => ({
+                                provider: "ollama",
+                                model_id: m.name,
+                                name: `${m.name} (local)`,
+                                context_window: 0, // Ollama doesn't report this via API
+                            })));
+                        }
+                        else {
+                            models.push(...OLLAMA_MODELS.map((m) => ({ provider: "ollama", ...m })));
+                        }
+                    }
+                }
+                catch {
+                    models.push(...OLLAMA_MODELS.map((m) => ({ provider: "ollama", ...m })));
+                }
+            }
+            return { success: true, data: { models, total: models.length } };
+        }
+        // ================================================================
+        // FAILOVER_STATUS — show provider configuration and health
+        // ================================================================
+        case "failover_status": {
+            const creds = await getCredentials(sb, storeId);
+            const providers = [
+                {
+                    provider: "anthropic",
+                    configured: !!creds.anthropic,
+                    source: creds.anthropic ? "process.env.ANTHROPIC_API_KEY" : null,
+                    priority: 1,
+                },
+                {
+                    provider: "openai",
+                    configured: !!creds.openai,
+                    source: creds.openai ? "user_tool_secrets (encrypted)" : null,
+                    priority: 2,
+                },
+                {
+                    provider: "google",
+                    configured: !!creds.google,
+                    source: creds.google ? "user_tool_secrets (encrypted)" : null,
+                    priority: 3,
+                },
+                {
+                    provider: "bedrock",
+                    configured: !!creds.bedrock,
+                    source: creds.bedrock ? "user_tool_secrets (encrypted)" : null,
+                    region: creds.bedrock?.region || null,
+                    priority: 4,
+                },
+                {
+                    provider: "ollama",
+                    configured: !!creds.ollama?.available,
+                    source: creds.ollama?.available ? "localhost:11434" : null,
+                    priority: 5,
+                },
+            ];
+            const configuredCount = providers.filter((p) => p.configured).length;
+            return {
+                success: true,
+                data: {
+                    providers,
+                    failover_order: FAILOVER_ORDER,
+                    configured_count: configuredCount,
+                    total_providers: providers.length,
+                    note: configuredCount === 0
+                        ? "No LLM providers configured. Add API keys to user_tool_secrets."
+                        : `${configuredCount} provider(s) ready. Failover will try in order: ${FAILOVER_ORDER.filter((p) => providers.find((pr) => pr.provider === p)?.configured).join(" → ")}`,
+                },
+            };
+        }
+        default:
+            return { success: false, error: `Unknown LLM action: ${action}. Valid actions: complete, list_models, failover_status` };
+    }
+}

package/dist/server/handlers/local-agent.d.ts

@@ -0,0 +1,6 @@
+import type { SupabaseClient } from "@supabase/supabase-js";
+export declare function handleLocalAgent(_sb: SupabaseClient, args: Record<string, unknown>, storeId?: string): Promise<{
+    success: boolean;
+    data?: unknown;
+    error?: string;
+}>;