wotann 0.5.96 → 0.5.98

package/dist/browser/browser-tools.js

@@ -143,6 +143,34 @@ async function pickBackend(dep) {
 function errEnv(error, detail) {
     return { ok: false, error, ...(detail !== undefined ? { detail } : {}) };
 }
+function registerBrowserDomSource(dep, content) {
+    if (content.length === 0)
+        return;
+    dep.taint?.coordinator.registerSource({
+        kind: "browser-dom",
+        content,
+        integrity: "untrusted",
+    });
+}
+async function authorizeBrowserMutation(dep, tool, args) {
+    if (!dep.taint)
+        return errEnv("not_configured", "browser mutation taint policy is unavailable");
+    const sessionId = dep.taint.sessionId.trim();
+    if (!sessionId)
+        return errEnv("not_configured", "browser mutation taint session is unavailable");
+    const action = Object.freeze({
+        tool,
+        args: Object.freeze(structuredClone(args)),
+        cwd: dep.taint.cwd?.trim() || ".",
+    });
+    const authorization = await dep.taint.coordinator.authorize({ sessionId, action });
+    if (!authorization.authorized)
+        return errEnv("upstream_error", authorization.reason);
+    const verification = dep.taint.coordinator.verifyExecution({ authorization, action });
+    return verification.ok
+        ? null
+        : errEnv("upstream_error", `browser mutation execution verification failed: ${verification.reason}`);
+}
 // ── Dispatcher ──────────────────────────────────────────────
 export async function dispatchBrowserTool(toolName, input, dep) {
     // Agentic trio — these don't need a page-bound backend; they
@@ -150,7 +178,7 @@ export async function dispatchBrowserTool(toolName, input, dep) {
     if (toolName === "browser.plan" ||
         toolName === "browser.spawn_tab" ||
         toolName === "browser.approve_action") {
-        return dispatchAgenticTool(toolName, input, dep.agentic);
+        return dispatchAgenticTool(toolName, input, dep);
     }
     const backend = await pickBackend(dep);
     if (!backend) {
@@ -163,6 +191,9 @@ export async function dispatchBrowserTool(toolName, input, dep) {
                 return errEnv("bad_input", "url required");
             if (!isSafeUrl(url))
                 return errEnv("ssrf_blocked", url);
+            const taint = await authorizeBrowserMutation(dep, toolName, { url });
+            if (taint)
+                return taint;
             if (backend === "chrome" && dep.chrome) {
                 const result = await dep.chrome.execute({ type: "navigate", url });
                 return result.success
@@ -181,6 +212,9 @@ export async function dispatchBrowserTool(toolName, input, dep) {
             const selector = input["selector"];
             if (typeof selector !== "string" || selector.trim().length === 0)
                 return errEnv("bad_input", "selector required");
+            const taint = await authorizeBrowserMutation(dep, toolName, { selector });
+            if (taint)
+                return taint;
             if (backend === "chrome" && dep.chrome) {
                 const result = await dep.chrome.execute({ type: "click", selector });
                 return result.success
@@ -200,6 +234,9 @@ export async function dispatchBrowserTool(toolName, input, dep) {
             const text = input["text"];
             if (typeof selector !== "string" || typeof text !== "string")
                 return errEnv("bad_input", "selector + text required");
+            const taint = await authorizeBrowserMutation(dep, toolName, { selector, text });
+            if (taint)
+                return taint;
             if (backend === "chrome" && dep.chrome) {
                 const result = await dep.chrome.execute({ type: "type", selector, value: text });
                 return result.success
@@ -234,14 +271,20 @@ export async function dispatchBrowserTool(toolName, input, dep) {
                 const result = await dep.chrome.execute({ type: "read_dom" });
                 if (!result.success)
                     return errEnv("upstream_error", result.error);
-                const text = result.domTree ? dep.chrome.domToText(result.domTree) : (result.data ?? "");
+                const text = result.domTree
+                    ? dep.chrome.domToText(result.domTree)
+                    : typeof result.data === "string"
+                        ? result.data
+                        : "";
+                registerBrowserDomSource(dep, text);
                 return { ok: true, data: { text, backend } };
             }
             if (backend === "camoufox" && dep.camoufox) {
                 const result = await dep.camoufox.getText();
-                return result.success
-                    ? { ok: true, data: { text: result.text, backend } }
-                    : errEnv("upstream_error", result.error);
+                if (!result.success)
+                    return errEnv("upstream_error", result.error);
+                registerBrowserDomSource(dep, result.text);
+                return { ok: true, data: { text: result.text, backend } };
             }
             return errEnv("not_configured", "backend vanished");
         }
@@ -251,7 +294,8 @@ export async function dispatchBrowserTool(toolName, input, dep) {
         }
     }
 }
-async function dispatchAgenticTool(toolName, input, agentic) {
+async function dispatchAgenticTool(toolName, input, dep) {
+    const agentic = dep.agentic;
     switch (toolName) {
         case "browser.plan": {
             const task = input["task"];
@@ -289,6 +333,13 @@ async function dispatchAgenticTool(toolName, input, agentic) {
             const taskId = typeof taskIdRaw === "string" && taskIdRaw.length > 0 ? taskIdRaw : "default";
             if (!agentic || !agentic.tabRegistry)
                 return errEnv("not_configured", "tab-registry not wired");
+            const taint = await authorizeBrowserMutation(dep, toolName, {
+                ownership,
+                ...(url !== undefined ? { url } : {}),
+                taskId,
+            });
+            if (taint)
+                return taint;
             const tabId = agentic.spawnTabId?.(url) ?? `tab-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
             const owner = ownership === "user" ? { kind: "user" } : { kind: "agent", taskId };
             const result = agentic.tabRegistry.register(url !== undefined ? { tabId, owner, url } : { tabId, owner });

package/dist/channels/gateway.d.ts

@@ -65,7 +65,7 @@ export type AgentOutboundMessageResult = {
     readonly messageId: string;
 } | {
     readonly ok: false;
-    readonly reason: "channel_not_allowed" | "adapter_not_connected" | "missing_recipient_for_pairing" | "pairing_required";
+    readonly reason: "channel_not_allowed" | "adapter_not_connected" | "missing_recipient_for_pairing" | "pairing_required" | "taint_denied";
     readonly pairingCode?: string;
 };
 export type AgentMessageToolSender = (request: {
@@ -102,10 +102,22 @@ export interface DeviceNode {
 }
 export interface GatewayConfig {
     readonly requirePairing: boolean;
+    readonly requireOutboundAuthorization: boolean;
     readonly pairingCodeTTL: number;
     readonly maxQueueSize: number;
     readonly allowedChannels: readonly ChannelType[];
 }
+export interface ChannelOutboundPayload {
+    readonly channelType: ChannelType;
+    readonly channelId: string;
+    readonly content: string;
+    readonly replyTo?: string;
+    readonly purpose: "send" | "agent-message" | "broadcast" | "response";
+}
+export type ChannelOutboundAuthorizer = (payload: ChannelOutboundPayload) => Promise<{
+    readonly ok: boolean;
+    readonly reason?: string;
+}>;
 export declare class ChannelGateway {
     private readonly config;
     private adapters;
@@ -114,6 +126,7 @@ export declare class ChannelGateway {
     private devices;
     private messageQueue;
     private messageHandler;
+    private outboundAuthorizer;
     private routePolicyEngine;
     private pushInversionRegistry;
     constructor(config?: Partial<GatewayConfig>);
@@ -163,6 +176,7 @@ export declare class ChannelGateway {
      * This is typically the agent's query function.
      */
     setMessageHandler(handler: (message: ChannelMessage) => Promise<string>): void;
+    setOutboundAuthorizer(authorizer: ChannelOutboundAuthorizer): void;
     /**
      * Connect all registered adapters.
      */
@@ -239,4 +253,5 @@ export declare class ChannelGateway {
     getVerifiedSenderCount(): number;
     private handleIncomingMessage;
     private queueMessage;
+    private authorizeOutbound;
 }

package/dist/channels/gateway.js

@@ -31,6 +31,7 @@ import { randomUUID } from "node:crypto";
 import { createPushInversionRegistry, } from "./push-inversion.js";
 const DEFAULT_CONFIG = {
     requirePairing: true,
+    requireOutboundAuthorization: false,
     pairingCodeTTL: 5 * 60 * 1000, // 5 minutes
     maxQueueSize: 100,
     allowedChannels: ["telegram", "slack", "discord", "webchat", "cli"],
@@ -43,6 +44,7 @@ export class ChannelGateway {
     devices = new Map();
     messageQueue = [];
     messageHandler = null;
+    outboundAuthorizer = null;
     // Route-policy engine (optional). When present, every inbound message
     // is gated by the per-channel policy: pairing rules, rate limits, and
     // response formatting. When absent the gateway falls back to its
@@ -129,6 +131,9 @@ export class ChannelGateway {
     setMessageHandler(handler) {
         this.messageHandler = handler;
     }
+    setOutboundAuthorizer(authorizer) {
+        this.outboundAuthorizer = authorizer;
+    }
     /**
      * Connect all registered adapters.
      */
@@ -237,6 +242,9 @@ export class ChannelGateway {
         const adapter = this.adapters.get(channelType);
         if (!adapter?.connected)
             return false;
+        if (!(await this.authorizeOutbound({ channelType, channelId, content, replyTo, purpose: "send" }))) {
+            return false;
+        }
         return adapter.send(channelId, content, replyTo);
     }
     /**
@@ -261,6 +269,15 @@ export class ChannelGateway {
                 return { ok: false, reason: "pairing_required", pairingCode: pairing.code };
             }
         }
+        if (!(await this.authorizeOutbound({
+            channelType: request.channelType,
+            channelId: request.channelId,
+            content: request.content,
+            replyTo: request.replyTo,
+            purpose: "agent-message",
+        }))) {
+            return { ok: false, reason: "taint_denied" };
+        }
         const sent = await adapter.send(request.channelId, request.content, request.replyTo);
         if (!sent)
             return { ok: false, reason: "adapter_not_connected" };
@@ -292,6 +309,14 @@ export class ChannelGateway {
         const sent = [];
         for (const [type, adapter] of this.adapters) {
             if (adapter.connected) {
+                if (!(await this.authorizeOutbound({
+                    channelType: type,
+                    channelId: "broadcast",
+                    content,
+                    purpose: "broadcast",
+                }))) {
+                    continue;
+                }
                 const ok = await adapter.send("broadcast", content);
                 if (ok)
                     sent.push(type);
@@ -402,6 +427,17 @@ export class ChannelGateway {
                     : rawResponse;
                 const adapter = this.adapters.get(message.channelType);
                 if (adapter?.connected) {
+                    const authorized = await this.authorizeOutbound({
+                        channelType: message.channelType,
+                        channelId: message.channelId,
+                        content: response,
+                        replyTo: message.id,
+                        purpose: "response",
+                    });
+                    if (!authorized) {
+                        await adapter.send(message.channelId, "denied: outbound_authorization_required", message.id);
+                        return;
+                    }
                     await adapter.send(message.channelId, response, message.id);
                 }
                 else {
@@ -421,6 +457,16 @@ export class ChannelGateway {
         }
         this.messageQueue.push(message);
     }
+    async authorizeOutbound(payload) {
+        if (!this.outboundAuthorizer)
+            return !this.config.requireOutboundAuthorization;
+        try {
+            return (await this.outboundAuthorizer(payload)).ok;
+        }
+        catch {
+            return false;
+        }
+    }
 }
 function normalizeChannelOverride(value) {
     return typeof value === "string" ? value : undefined;

package/dist/channels/unified-dispatch.d.ts

@@ -19,7 +19,7 @@
  * A message received on Telegram can be responded to on Slack and emailed.
  * The dispatch plane abstracts away the transport layer completely.
  */
-import type { ChannelAdapter, ChannelMessage, ChannelType, DeviceNode } from "./gateway.js";
+import type { ChannelAdapter, ChannelMessage, ChannelOutboundAuthorizer, ChannelType, DeviceNode } from "./gateway.js";
 import type { DispatchRoutePolicy } from "./dispatch.js";
 import { RoutePolicyEngine } from "./route-policies.js";
 import type { ComputerSessionStore, SessionEvent } from "../session/computer-session-store.js";
@@ -57,6 +57,7 @@ export interface ChannelHealth {
 }
 export interface UnifiedDispatchConfig {
     readonly requirePairing: boolean;
+    readonly requireOutboundAuthorization: boolean;
     readonly pairingCodeTTL: number;
     readonly maxQueueSize: number;
     readonly maxInboxSize: number;
@@ -84,6 +85,7 @@ export declare class UnifiedDispatchPlane {
     private readonly policies;
     private readonly routePolicyEngine;
     private messageHandler;
+    private outboundAuthorizer;
     private computerSessionStore;
     private computerSessionDispose;
     private readonly computerSessionListeners;
@@ -91,6 +93,7 @@ export declare class UnifiedDispatchPlane {
     constructor(config?: Partial<UnifiedDispatchConfig>);
     registerAdapter(adapter: ChannelAdapter): void;
     setMessageHandler(handler: (message: ChannelMessage) => Promise<string>): void;
+    setOutboundAuthorizer(authorizer: ChannelOutboundAuthorizer): void;
     /**
      * Attach a ComputerSessionStore so session events flow through this plane
      * to every registered listener. Calling again with a different store
@@ -184,6 +187,7 @@ export declare class UnifiedDispatchPlane {
     private handleIncomingMessage;
     private processTask;
     private updateHealth;
+    private authorizeOutbound;
     private trimInbox;
 }
 export { analyzeComplexity, classifyPriority };

package/dist/channels/unified-dispatch.js

@@ -24,6 +24,7 @@ import { RoutePolicyEngine, createDefaultPolicy } from "./route-policies.js";
 import { SurfaceRegistry, } from "./fan-out.js";
 const DEFAULT_CONFIG = {
     requirePairing: true,
+    requireOutboundAuthorization: false,
     pairingCodeTTL: 5 * 60 * 1000,
     maxQueueSize: 100,
     maxInboxSize: 500,
@@ -96,6 +97,7 @@ export class UnifiedDispatchPlane {
     policies = new Map();
     routePolicyEngine;
     messageHandler = null;
+    outboundAuthorizer = null;
     // Computer-session bridge (Phase 3 P1-F1). When wired, incoming SessionEvents
     // fan out to every listener registered via `onComputerSessionEvent`. The
     // ComputerSessionStore remains the single source of truth for session state
@@ -138,6 +140,9 @@ export class UnifiedDispatchPlane {
     setMessageHandler(handler) {
         this.messageHandler = handler;
     }
+    setOutboundAuthorizer(authorizer) {
+        this.outboundAuthorizer = authorizer;
+    }
     // ── Computer-Session Bridge (Phase 3 P1-F1) ────────────
     /**
      * Attach a ComputerSessionStore so session events flow through this plane
@@ -317,7 +322,7 @@ export class UnifiedDispatchPlane {
         for (const channelType of targetChannels) {
             const adapter = this.adapters.get(channelType);
             if (adapter?.connected) {
-                const ok = await adapter.send("forward", content);
+                const ok = await this.sendToChannel(channelType, "forward", content);
                 if (ok)
                     forwarded.push(channelType);
             }
@@ -353,6 +358,9 @@ export class UnifiedDispatchPlane {
         const adapter = this.adapters.get(channelType);
         if (!adapter?.connected)
             return false;
+        if (!(await this.authorizeOutbound({ channelType, channelId, content, replyTo, purpose: "send" }))) {
+            return false;
+        }
         const ok = await adapter.send(channelId, content, replyTo);
         if (ok) {
             this.updateHealth(channelType, {
@@ -365,12 +373,9 @@ export class UnifiedDispatchPlane {
         const sent = [];
         for (const [type, adapter] of this.adapters) {
             if (adapter.connected) {
-                const ok = await adapter.send("broadcast", content);
+                const ok = await this.sendToChannel(type, "broadcast", content);
                 if (ok) {
                     sent.push(type);
-                    this.updateHealth(type, {
-                        messagesSent: (this.channelHealth.get(type)?.messagesSent ?? 0) + 1,
-                    });
                 }
             }
         }
@@ -503,10 +508,7 @@ export class UnifiedDispatchPlane {
             // Respond on the original channel
             const adapter = this.adapters.get(task.message.channelType);
             if (adapter?.connected) {
-                await adapter.send(task.message.channelId, response, task.message.id);
-                this.updateHealth(task.message.channelType, {
-                    messagesSent: (this.channelHealth.get(task.message.channelType)?.messagesSent ?? 0) + 1,
-                });
+                await this.sendToChannel(task.message.channelType, task.message.channelId, response, task.message.id);
             }
             // Cross-channel routing: also send to configured response channels
             if (this.config.enableCrossChannelRouting) {
@@ -538,6 +540,16 @@ export class UnifiedDispatchPlane {
         };
         this.channelHealth.set(type, { ...current, ...updates });
     }
+    async authorizeOutbound(payload) {
+        if (!this.outboundAuthorizer)
+            return !this.config.requireOutboundAuthorization;
+        try {
+            return (await this.outboundAuthorizer(payload)).ok;
+        }
+        catch {
+            return false;
+        }
+    }
     trimInbox() {
         if (this.inbox.size > this.config.maxInboxSize) {
             const completed = [...this.inbox.entries()]

package/dist/cli/cli-detection.js

@@ -65,14 +65,6 @@ export const CLI_REGISTRY = Object.freeze([
         versionRegex: /(\d+\.\d+\.\d+)/,
         url: "https://github.com/google-gemini/gemini-cli",
     },
-    {
-        id: "ollama",
-        displayName: "Ollama",
-        binaryNames: ["ollama"],
-        versionArgs: ["--version"],
-        versionRegex: /version is (\d+\.\d+\.\d+)/,
-        url: "https://ollama.ai",
-    },
     {
         id: "aider",
         displayName: "Aider",

package/dist/cli/commands/browse.d.ts

@@ -15,9 +15,9 @@
  *   - A planner stub (cheap heuristic — production wires to a real LLM)
  *   - A browser driver stub (production wires to chrome-bridge.ts)
  *
- * QB #6 (honest stubs): when running without --enable-driver the command
- * runs in dry-run mode against a synthetic page. Production callers wire
- * their own browser driver via `runAgenticBrowse`.
+ * QB #6 (honest stubs): the command runs in dry-run mode against a
+ * synthetic page. `--enable-driver` fails closed until this CLI owns a
+ * real driver wire. Production callers inject one via `runAgenticBrowse`.
  */
 import type { BrowsePlan, BrowseSessionStatus } from "../../browser/agentic-browser.js";
 export interface BrowseCommandOptions {
@@ -30,7 +30,7 @@ export interface BrowseCommandOptions {
     readonly startUrl?: string;
     /** When true, requires every browser action to pause for human approval. */
     readonly alwaysAsk?: boolean;
-    /** When false (default), runs in dry-run mode (no real browser nav). */
+    /** Reserved for a future real driver wire. Currently fails closed when true. */
     readonly enableDriver?: boolean;
 }
 export interface BrowseCommandResult {

package/dist/cli/commands/browse.js

@@ -15,9 +15,9 @@
  *   - A planner stub (cheap heuristic — production wires to a real LLM)
  *   - A browser driver stub (production wires to chrome-bridge.ts)
  *
- * QB #6 (honest stubs): when running without --enable-driver the command
- * runs in dry-run mode against a synthetic page. Production callers wire
- * their own browser driver via `runAgenticBrowse`.
+ * QB #6 (honest stubs): the command runs in dry-run mode against a
+ * synthetic page. `--enable-driver` fails closed until this CLI owns a
+ * real driver wire. Production callers inject one via `runAgenticBrowse`.
  */
 import { runAgenticBrowse } from "../../browser/agentic-browser.js";
 import { inspectUrl } from "../../security/url-instruction-guard.js";
@@ -59,7 +59,7 @@ function deriveUrlFromTask(task) {
     const q = encodeURIComponent(task.slice(0, 256));
     return `https://duckduckgo.com/html/?q=${q}`;
 }
-// ── Driver stub (replaced when --enable-driver passes) ──────────
+// ── Driver stub ─────────────────────────────────────────────────
 /**
  * Honest dry-run driver — never opens a browser. Returns a synthetic
  * page snapshot so the orchestrator's security pipeline can exercise
@@ -151,7 +151,7 @@ function buildTrifectaWrapper(alwaysAsk) {
 // ── Run command ────────────────────────────────────────────────
 export async function runBrowseCommand(opts) {
     const task = opts.task.trim();
-    const dryRun = opts.enableDriver !== true;
+    const dryRun = true;
     const placeholderPlan = {
         id: "plan-empty",
         task: "",
@@ -171,6 +171,17 @@ export async function runBrowseCommand(opts) {
         };
     }
     const plan = buildHeuristicPlan(task, opts.startUrl);
+    if (opts.enableDriver === true) {
+        return {
+            ok: false,
+            task,
+            plan,
+            status: "failed",
+            stepsExecuted: 0,
+            dryRun,
+            error: "--enable-driver is not wired; no real browser action executed",
+        };
+    }
     // QB #6 honest stubs: per-session HMAC secret + cheap heuristic
     // classifier. Production callers (Claude Sub, OpenAI, etc.) wire a
     // real LLM-backed classifier here.
@@ -201,6 +212,7 @@ export async function runBrowseCommand(opts) {
         hiddenTextScan: buildHiddenTextScan(),
         trifectaGuard: buildTrifectaWrapper(opts.alwaysAsk === true),
         browserDriver: createDryRunDriver(),
+        executionMode: "dry-run",
         ...(opts.maxSteps !== undefined ? { maxStepsOverride: opts.maxSteps } : {}),
         ...(cursorEmit !== undefined ? { cursorEmit } : {}),
     };

package/dist/cli/commands/computer-use.d.ts

@@ -42,7 +42,7 @@
 import { ComputerUseAgent, type ComputerAgentRepertoire } from "../../computer-use/computer-agent.js";
 import { type ReplayReport } from "../../computer-use/action-replay.js";
 import type { ComputerAction } from "../../computer-use/driver-contract.js";
-import { CuaDriverComputerDriver } from "../../computer-use/cua-driver-backend.js";
+import type { CuaDriverComputerDriver } from "../../computer-use/cua-driver-backend.js";
 export type ComputerUseSubcommand = "click" | "type" | "key" | "screenshot" | "wait" | "scroll" | "repertoire" | "replay";
 /** Subcommands that the CLI exposes. Source of truth for the
  *  `src/index.ts` dispatcher's `valid` allow-list. */

package/dist/cli/commands/computer-use.js

@@ -42,7 +42,6 @@
 import { promises as fs } from "node:fs";
 import { ComputerUseAgent, } from "../../computer-use/computer-agent.js";
 import { deserializeSession, replaySession, } from "../../computer-use/action-replay.js";
-import { CuaDriverComputerDriver, cuaDriverInstallHint, isCuaDriverAvailable, } from "../../computer-use/cua-driver-backend.js";
 /** Subcommands that the CLI exposes. Source of truth for the
  *  `src/index.ts` dispatcher's `valid` allow-list. */
 export const COMPUTER_USE_SUBCOMMANDS = Object.freeze([
@@ -165,47 +164,13 @@ export async function runComputerUseCommand(opts) {
             dryRun: true,
         };
     }
-    const available = opts.isComputerDriverAvailable ?? isCuaDriverAvailable;
-    if (opts.makeComputerDriver === undefined && !available()) {
-        return {
-            ok: false,
-            subcommand: opts.subcommand,
-            action,
-            dryRun: false,
-            error: `cua-driver unavailable — ${cuaDriverInstallHint()}`,
-        };
-    }
-    // --execute path: explicit opt-in only. It uses the provider-agnostic
-    // CUA driver backend rather than Anthropic computer_use schemas; dry-run
-    // remains the default safety boundary.
-    const driver = opts.makeComputerDriver ? opts.makeComputerDriver() : new CuaDriverComputerDriver();
-    try {
-        const execution = await driver.execute(action);
-        return {
-            ok: execution.ok,
-            subcommand: opts.subcommand,
-            action,
-            dryRun: false,
-            ...(execution.ok ? {} : { error: execution.error ?? "computer-use execute failed" }),
-            execution: {
-                ok: execution.ok,
-                ...(execution.output !== undefined ? { output: execution.output } : {}),
-                ...(execution.error !== undefined ? { error: execution.error } : {}),
-            },
-        };
-    }
-    catch (err) {
-        return {
-            ok: false,
-            subcommand: opts.subcommand,
-            action,
-            dryRun: false,
-            error: `execute failed: ${err instanceof Error ? err.message : String(err)}`,
-        };
-    }
-    finally {
-        await driver.close();
-    }
+    return {
+        ok: false,
+        subcommand: opts.subcommand,
+        action,
+        dryRun: false,
+        error: "computer-use --execute requires daemon — run `wotann engine start`, then retry",
+    };
 }
 // ── Phase-2 subcommand handlers ─────────────────────────────────
 /**

package/dist/cli/commands.js

@@ -9,7 +9,7 @@ import { promisify } from "node:util";
 import { createWorkspace } from "../core/workspace.js";
 import { discoverProviders, formatFullStatus } from "../providers/discovery.js";
 import { PROVIDER_DEFAULTS } from "../providers/model-defaults.js";
-import { resolveOllamaHost } from "../providers/ollama-host.js";
+import { isForbiddenTrustLayerProvider } from "../providers/fallback-chain.js";
 import { buildPRDescription, parseConflictBlocks, parseDiffStat, renderCommitMessage, suggestCommitMessage, suggestConflictResolution, } from "../git/magic-git.js";
 const execFileAsync = promisify(execFile);
 export async function runInit(targetDir, options) {
@@ -54,20 +54,12 @@ export async function runInit(targetDir, options) {
             console.log(chalk.dim(`    ○ ${p.label}`) + chalk.dim(` — ${setupHint}`));
         }
     }
-    // Free-tier guidance
+    // Legacy --free compatibility guidance. Trust-layer inference stays BYO.
     if (options.free) {
         console.log();
-        console.log(chalk.bold("  Free-tier setup:"));
-        console.log(chalk.dim("    Primary:  Ollama local (free, private, offline)"));
-        console.log(chalk.dim("    Overflow: Cerebras → Groq → Google AI Studio"));
-        console.log(chalk.dim("    KV cache: q8_0 (doubles Ollama context window)"));
-        const ollamaActive = active.some((p) => p.provider === "ollama");
-        if (!ollamaActive) {
-            console.log();
-            console.log(chalk.yellow("  ⚠ Ollama not detected."));
-            console.log(chalk.dim("    Install: https://ollama.ai"));
-            console.log(chalk.dim("    Then:    ollama pull qwen3-coder-next"));
-        }
+        console.log(chalk.bold("  BYO provider required:"));
+        console.log(chalk.dim("    --free no longer configures local or anonymous model runtimes."));
+        console.log(chalk.dim("    Configure a remote subscription or API key with `wotann login`."));
     }
     // Extended context guidance
     if (options.extendedContext) {
@@ -91,8 +83,6 @@ function getProviderSetupHint(provider) {
             return 'npx @openai/codex --full-auto "hello"';
         case "copilot":
             return "export GH_TOKEN=ghp_... (GitHub PAT)";
-        case "ollama":
-            return "ollama serve (https://ollama.ai)";
         case "gemini":
             return "export GEMINI_API_KEY=... (free at ai.google.dev)";
         case "huggingface":
@@ -176,7 +166,7 @@ export async function runDoctor(targetDir, options = {}) {
         detail: `${nodeVersion} (requires ≥22.13.0)`,
     });
     // S4-9: Expanded doctor checks — daemon health, socket, DB integrity,
-    // Ollama reachability, port conflicts, API key validity.
+    // port conflicts, and API key validity.
     // 4. Daemon socket reachability
     const { resolveDaemonSocketPath, isNamedPipe } = await import("../daemon/transport/socket-path.js");
     const socketPath = process.platform === "win32"
@@ -241,27 +231,7 @@ export async function runDoctor(targetDir, options = {}) {
             detail: "Not yet created (no-op)",
         });
     }
-    // 6. Ollama reachability (if configured) — Round 9 single-source-of-truth.
-    const ollamaUrl = resolveOllamaHost();
-    try {
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), 1500);
-        const res = await fetch(`${ollamaUrl}/api/version`, { signal: controller.signal });
-        clearTimeout(timer);
-        checks.push({
-            name: "Ollama",
-            ok: res.ok,
-            detail: res.ok ? `Reachable at ${ollamaUrl}` : `HTTP ${res.status}`,
-        });
-    }
-    catch {
-        checks.push({
-            name: "Ollama",
-            ok: false,
-            detail: `Not reachable at ${ollamaUrl} (install ollama or set OLLAMA_URL)`,
-        });
-    }
-    // 7. Session token perms (if present) — must be 0o600
+    // 6. Session token perms (if present) — must be 0o600
     const tokenPath = resolveWotannHomeSubdir("session-token.json");
     if (existsSync(tokenPath)) {
         try {
@@ -489,7 +459,7 @@ export async function runMagicGit(options) {
 }
 export function buildModelCatalogRows(defaults, statuses) {
     const statusByProvider = new Map(statuses.map((status) => [status.provider, status]));
-    return Object.entries(defaults).map(([provider, entry]) => {
+    return Object.entries(defaults).filter(([provider]) => !isForbiddenTrustLayerProvider(provider)).map(([provider, entry]) => {
         const status = statusByProvider.get(provider);
         const seen = new Set();
         const models = [];