zidane 4.0.2 → 4.1.4

package/dist/providers-CX-R-Oy-.js

@@ -0,0 +1,969 @@
+import { o as matchesContextExceeded } from "./errors-D1lhd6mX.js";
+import { d as toolResultsMessage, f as userMessage, i as toAnthropic, n as fromAnthropic, s as assistantMessage, u as openaiCompat } from "./messages-z5Pq20p7.js";
+import { resolve } from "node:path";
+import { existsSync, readFileSync, renameSync, writeFileSync } from "node:fs";
+import { getOAuthApiKey } from "@mariozechner/pi-ai/oauth";
+import { getModel } from "@mariozechner/pi-ai";
+import { streamOpenAICodexResponses } from "@mariozechner/pi-ai/openai-codex-responses";
+//#region src/providers/oauth.ts
+/**
+* Resolve the creds-file path at call time rather than module-load time.
+* Hosts that `chdir` between import and first OAuth use (test suites,
+* multi-project CLIs) previously got a stale path captured at import.
+*/
+function credentialsFilePath() {
+	return resolve(process.cwd(), ".credentials.json");
+}
+/**
+* POSIX mode for credentials on disk. Read+write for the owner only — refresh
+* tokens and API keys leak if the file is world-readable on a shared box.
+* Ignored on Windows.
+*/
+const CREDENTIALS_FILE_MODE = 384;
+/**
+* In-process mutex table keyed by provider id. Concurrent `resolveOAuthApiKey`
+* calls for the same provider (typical when a host fans out multiple streams
+* at once) coalesce onto a single refresh. Without this, N concurrent calls
+* each hit `getOAuthApiKey`, producing N writes to `.credentials.json` with
+* last-write-wins semantics — and, in worst-case interleaving, a corrupted
+* file.
+*/
+const refreshLocks = /* @__PURE__ */ new Map();
+/**
+* Read the shared `.credentials.json` file.
+*
+* Returns `{}` when the file is missing OR when the file exists but is corrupted
+* / not valid JSON. Corrupt-file tolerance is important: the refresh-then-persist
+* path below writes atomically, but older builds wrote in place and could have
+* truncated the file on a crash. Treating corruption as "no stored creds" lets
+* users re-auth without manually deleting the file.
+*/
+function readOAuthCredentials() {
+	const path = credentialsFilePath();
+	if (!existsSync(path)) return {};
+	try {
+		const raw = readFileSync(path, "utf-8");
+		const parsed = JSON.parse(raw);
+		if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return {};
+		return parsed;
+	} catch {
+		return {};
+	}
+}
+/**
+* Atomically write `.credentials.json` with mode 0o600.
+*
+* Writes to a sibling temp file first, then renames. `rename(2)` is atomic on
+* the same filesystem, so readers either see the old file or the new one —
+* never a half-written one. This matters when a host has multiple processes
+* pointed at the same creds file.
+*/
+function writeOAuthCredentials(credentials) {
+	const path = credentialsFilePath();
+	const tmp = `${path}.${process.pid}.${Date.now()}.tmp`;
+	writeFileSync(tmp, JSON.stringify(credentials, null, 2), { mode: CREDENTIALS_FILE_MODE });
+	renameSync(tmp, path);
+}
+function credentialsFromParams(params, extraKeys = []) {
+	if (typeof params?.access !== "string" || typeof params.refresh !== "string" || typeof params.expires !== "number") return void 0;
+	const extras = Object.fromEntries(extraKeys.map((key) => [key, params[key]]).filter(([, value]) => value !== void 0));
+	return {
+		access: params.access,
+		refresh: params.refresh,
+		expires: params.expires,
+		...extras
+	};
+}
+async function resolveOAuthApiKey(options, callbacks) {
+	if (typeof options.params?.apiKey === "string") return options.params.apiKey;
+	const paramsCredentials = credentialsFromParams(options.params, options.extraCredentialKeys);
+	if (paramsCredentials) return await withRefreshLock(`params:${options.providerId}`, () => resolveCredentialSource("params", paramsCredentials));
+	if (typeof options.params?.access === "string") return options.params.access;
+	if (options.envKey && process.env[options.envKey]) return process.env[options.envKey];
+	const readCredentials = options.readCredentials ?? readOAuthCredentials;
+	const writeCredentials = options.writeCredentials ?? writeOAuthCredentials;
+	return await withRefreshLock(`file:${options.providerId}`, async () => {
+		const allCredentials = readCredentials();
+		const storedCredentials = allCredentials[options.providerId];
+		if (!storedCredentials) throw new Error(options.missingError);
+		return await resolveCredentialSource("file", storedCredentials, allCredentials, writeCredentials);
+	});
+	async function resolveCredentialSource(source, current, allCredentials, persistCredentials) {
+		try {
+			const result = await (options.getOAuthApiKey ?? getOAuthApiKey)(options.providerId, { [options.providerId]: current });
+			if (!result) throw new Error(options.missingError);
+			if (result.newCredentials !== current) {
+				if (source === "file" && allCredentials && persistCredentials) {
+					allCredentials[options.providerId] = result.newCredentials;
+					persistCredentials(allCredentials);
+				}
+				await callbacks?.onOAuthRefresh?.({
+					provider: options.provider,
+					providerId: options.providerId,
+					source,
+					previousCredentials: { ...current },
+					credentials: { ...result.newCredentials }
+				});
+			}
+			return result.apiKey;
+		} catch (err) {
+			const reason = err instanceof Error ? err.message : String(err);
+			throw new Error(options.refreshError(reason));
+		}
+	}
+}
+/**
+* Coalesce concurrent refresh calls onto a single in-flight promise per key.
+* The key combines the source (`params` vs `file`) and provider id, so a
+* per-agent param-only refresh does not starve a separate file-backed one.
+*/
+async function withRefreshLock(key, fn) {
+	const existing = refreshLocks.get(key);
+	if (existing) return existing;
+	const task = (async () => {
+		try {
+			return await fn();
+		} finally {
+			refreshLocks.delete(key);
+		}
+	})();
+	refreshLocks.set(key, task);
+	return task;
+}
+//#endregion
+//#region src/providers/anthropic.ts
+let _sdkCtor = null;
+async function loadAnthropicSdk() {
+	if (_sdkCtor) return _sdkCtor;
+	try {
+		_sdkCtor = (await import("@anthropic-ai/sdk")).default;
+		return _sdkCtor;
+	} catch (err) {
+		throw new Error("The `anthropic` provider requires the `@anthropic-ai/sdk` package, which is an optional peer dependency. Install it with your package manager (e.g. `bun add @anthropic-ai/sdk`).", err instanceof Error ? { cause: err } : void 0);
+	}
+}
+/** Beta flags sent unconditionally on the OAuth path (Claude Code parity). */
+const OAUTH_DEFAULT_BETAS = ["claude-code-20250219", "oauth-2025-04-20"];
+/**
+* Build the `anthropic-beta` header value — OAuth defaults plus caller-supplied
+* extras, de-duped while preserving order. Returns `undefined` when no betas
+* apply (non-OAuth, no extras).
+*/
+function resolveAnthropicBetas(isOAuth, extraBetas) {
+	const seen = /* @__PURE__ */ new Set();
+	const out = [];
+	if (isOAuth) {
+		for (const b of OAUTH_DEFAULT_BETAS) if (!seen.has(b)) {
+			seen.add(b);
+			out.push(b);
+		}
+	}
+	if (extraBetas) {
+		for (const b of extraBetas) if (typeof b === "string" && b.length > 0 && !seen.has(b)) {
+			seen.add(b);
+			out.push(b);
+		}
+	}
+	return out.length > 0 ? out.join(",") : void 0;
+}
+function getConfiguredApiKey(anthropicParams) {
+	if (anthropicParams?.apiKey) return anthropicParams.apiKey;
+	if (anthropicParams?.access) return anthropicParams.access;
+	if (process.env.ANTHROPIC_API_KEY) return process.env.ANTHROPIC_API_KEY;
+	const access = readOAuthCredentials().anthropic?.access;
+	if (typeof access === "string" && access.length > 0) return access;
+	throw new Error("No API key found. Run `bun run auth` first.");
+}
+function createClient(SDK, apiKey, isOAuth, baseURL, extraBetas) {
+	const base = baseURL ? { baseURL } : {};
+	const betaHeader = resolveAnthropicBetas(isOAuth, extraBetas);
+	if (isOAuth) {
+		const defaultHeaders = {
+			"anthropic-dangerous-direct-browser-access": "true",
+			"user-agent": "zidane/2.0.0",
+			"x-app": "cli"
+		};
+		if (betaHeader) defaultHeaders["anthropic-beta"] = betaHeader;
+		return new SDK({
+			apiKey: null,
+			authToken: apiKey,
+			dangerouslyAllowBrowser: true,
+			defaultHeaders,
+			...base
+		});
+	}
+	const defaultHeaders = betaHeader ? { "anthropic-beta": betaHeader } : void 0;
+	return new SDK({
+		apiKey,
+		...defaultHeaders ? { defaultHeaders } : {},
+		...base
+	});
+}
+/**
+* Map `ThinkingLevel` budgeted tiers to Anthropic's `output_config.effort`
+* enum. Anthropic exposes `low | medium | high | xhigh | max`; we surface the
+* three middle levels plus a `minimal` alias that collapses to `low` (the
+* closest equivalent — Anthropic does not have a sub-`low` tier).
+*/
+const EFFORT_FOR_LEVEL = {
+	minimal: "low",
+	low: "low",
+	medium: "medium",
+	high: "high"
+};
+/**
+* Decide how to translate a `ThinkingLevel` into Anthropic's request shape.
+* Pure / synchronous — exported so tests can assert routing without standing
+* up the SDK.
+*
+* Routing rules:
+* - `'off'` → `null` (no thinking field, no effort hint).
+* - `'adaptive'` → adaptive thinking with no effort hint (model decides
+*   everything). When `customBudget` is set, it is carried as `maxTokensCap`
+*   so the request builder caps `max_tokens` accordingly — adaptive has no
+*   native budget knob, but capping the response envelope soft-bounds the
+*   thinking that lives inside it.
+* - `'minimal' | 'low' | 'medium' | 'high'` → adaptive thinking with an
+*   `effort` hint, unless `customBudget` is provided.
+* - Any level + `customBudget` → explicit-budget `enabled` path. The caller
+*   has opted into precise budget control and accepts the Anthropic
+*   deprecation warning that comes with it on opus 4.6+. `'adaptive'` is the
+*   sole exception: it never falls back to enabled, since adaptive is the
+*   current Anthropic API surface for self-budgeted thinking.
+*/
+function planAnthropicThinking(level, customBudget) {
+	if (level === "off") return null;
+	if (level === "adaptive") {
+		if (typeof customBudget === "number" && customBudget > 0) return {
+			kind: "adaptive",
+			maxTokensCap: customBudget
+		};
+		return { kind: "adaptive" };
+	}
+	if (customBudget !== void 0) return {
+		kind: "enabled",
+		budgetTokens: customBudget,
+		maxTokensBump: customBudget
+	};
+	return {
+		kind: "adaptive",
+		effort: EFFORT_FOR_LEVEL[level]
+	};
+}
+/**
+* Map Anthropic's native `stop_reason` to the zidane `TurnFinishReason` union.
+*
+* `pause_turn` and `model_context_window_exceeded` are 4.6+ stop reasons that
+* pre-Z21 collapsed to `'other'` and silently terminated the run. They now
+* map to `'pause'` and `'length'` respectively, and the surrounding caller
+* adjusts the `done` flag so the loop can recover.
+*/
+function mapStopReason(stopReason) {
+	if (!stopReason) return void 0;
+	switch (stopReason) {
+		case "end_turn":
+		case "stop_sequence": return "stop";
+		case "tool_use": return "tool-calls";
+		case "max_tokens":
+		case "model_context_window_exceeded": return "length";
+		case "refusal": return "content-filter";
+		case "pause_turn": return "pause";
+		default: return "other";
+	}
+}
+const EPHEMERAL = { type: "ephemeral" };
+/**
+* Mutate an Anthropic request in place to add cache breakpoints on the three
+* stable prefixes:
+*  1. System prompt — last text block.
+*  2. Tool definitions — last tool.
+*  3. Conversation — last content block of the last message.
+*
+* Each breakpoint tells Anthropic to cache the prefix ending at that block;
+* subsequent turns reuse the cached prefix and pay only for the delta. Safe
+* no-op when any prefix is empty (no tools, empty system, etc.).
+*/
+function applyAnthropicCacheBreakpoints(params) {
+	if (typeof params.system === "string") {
+		if (params.system.length > 0) params.system = [{
+			type: "text",
+			text: params.system,
+			cache_control: EPHEMERAL
+		}];
+	} else if (Array.isArray(params.system) && params.system.length > 0) {
+		const lastIdx = params.system.length - 1;
+		params.system = params.system.map((block, i) => i === lastIdx ? {
+			...block,
+			cache_control: EPHEMERAL
+		} : block);
+	}
+	if (params.tools && params.tools.length > 0) {
+		const lastIdx = params.tools.length - 1;
+		params.tools = params.tools.map((tool, i) => i === lastIdx ? {
+			...tool,
+			cache_control: EPHEMERAL
+		} : tool);
+	}
+	if (params.messages.length === 0) return;
+	const lastMsgIdx = params.messages.length - 1;
+	const lastMsg = params.messages[lastMsgIdx];
+	if (typeof lastMsg.content === "string") {
+		if (lastMsg.content.length === 0) return;
+		params.messages[lastMsgIdx] = {
+			...lastMsg,
+			content: [{
+				type: "text",
+				text: lastMsg.content,
+				cache_control: EPHEMERAL
+			}]
+		};
+		return;
+	}
+	if (!Array.isArray(lastMsg.content) || lastMsg.content.length === 0) return;
+	const blocks = lastMsg.content;
+	let targetIdx = blocks.length - 1;
+	while (targetIdx >= 0 && isThinkingBlock(blocks[targetIdx])) targetIdx -= 1;
+	if (targetIdx < 0) return;
+	const nextBlocks = blocks.slice();
+	nextBlocks[targetIdx] = {
+		...nextBlocks[targetIdx],
+		cache_control: EPHEMERAL
+	};
+	params.messages[lastMsgIdx] = {
+		...lastMsg,
+		content: nextBlocks
+	};
+}
+function isThinkingBlock(block) {
+	return block.type === "thinking" || block.type === "redacted_thinking";
+}
+/**
+* Duck-type check for an Anthropic SDK `APIError` — avoids a runtime dependency
+* on `@anthropic-ai/sdk` so `classifyError` stays usable even when the optional
+* peer dep isn't loaded (e.g. host code calling it on an unrelated provider's
+* error).
+*
+* Anthropic's APIError shape: `.status: number` + `.error` (parsed body, object
+* or null). Plain `Error`s don't have `.status` + `.error`.
+*/
+function looksLikeAnthropicApiError(err) {
+	if (!err || typeof err !== "object") return false;
+	const e = err;
+	return typeof e.status === "number" && "error" in e;
+}
+/**
+* Classify an Anthropic SDK / HTTP error for typed-error wrapping.
+*
+* - `prompt is too long` (400 invalid_request_error) → `context_exceeded`.
+* - Any other Anthropic `APIError`-shaped value → `provider_error` with the
+*   native status/type code.
+* - Unknown errors → `null` (loop wraps in `AgentProviderError` generically).
+*
+* Anthropic's wire error shape is `{ type: 'error', error: { type, message } }` — the
+* SDK stores the parsed body on `err.error`. We walk both levels so callers see the
+* most specific `providerCode` we can find.
+*/
+function classifyAnthropicError(err) {
+	if (!err || typeof err !== "object") return null;
+	const anyErr = err;
+	if (anyErr.name === "AbortError") return { kind: "aborted" };
+	if (!looksLikeAnthropicApiError(err)) return null;
+	const innerType = anyErr.error?.error?.type;
+	const outerType = anyErr.error?.type;
+	const nativeType = innerType && innerType !== "error" ? innerType : outerType;
+	const message = anyErr.error?.error?.message ?? anyErr.error?.message ?? anyErr.message ?? "";
+	if (matchesContextExceeded(message)) return {
+		kind: "context_exceeded",
+		providerCode: nativeType ?? "invalid_request_error",
+		message
+	};
+	const status = anyErr.status;
+	const retryable = typeof status === "number" ? status === 429 || status >= 500 && status !== 501 : void 0;
+	return {
+		kind: "provider_error",
+		providerCode: nativeType ?? (status ? String(status) : void 0),
+		message,
+		...retryable !== void 0 ? { retryable } : {}
+	};
+}
+/**
+* Build a user `SessionMessage` from multimodal prompt parts.
+*
+* - Text parts → text blocks.
+* - Image parts → base64 image blocks.
+* - Document parts with `encoding: 'text'` → inlined as a text block with an
+*   `<attachment>` header so the model sees a clearly-delimited attachment.
+* - Document parts with `encoding: 'base64'` → serialized as an `<attachment
+*   encoding="base64">`-tagged text block. Native Anthropic document/PDF blocks
+*   are not yet wired through the SessionContentBlock union, so consumers
+*   needing true PDF ingestion should preprocess to text first.
+*
+* The format mirrors `defaultPromptMessage`'s output on shape — Anthropic-specific
+* handling differs only in that `promptMessage` being present tells the agent loop
+* to route PromptPart[] through this function rather than throwing on base64 docs.
+*/
+function anthropicPromptMessage(parts) {
+	const content = [];
+	for (const part of parts) {
+		if (part.type === "text") {
+			if (part.text.length > 0) content.push({
+				type: "text",
+				text: part.text
+			});
+			continue;
+		}
+		if (part.type === "image") {
+			content.push({
+				type: "image",
+				mediaType: part.mediaType,
+				data: part.data
+			});
+			continue;
+		}
+		if (part.encoding === "text") {
+			const header = part.name ? `<attachment name="${part.name}" media_type="${part.mediaType}">` : `<attachment media_type="${part.mediaType}">`;
+			content.push({
+				type: "text",
+				text: `${header}\n${part.data}\n</attachment>`
+			});
+			continue;
+		}
+		const header = part.name ? `<attachment name="${part.name}" media_type="${part.mediaType}" encoding="base64">` : `<attachment media_type="${part.mediaType}" encoding="base64">`;
+		content.push({
+			type: "text",
+			text: `${header}\n${part.data}\n</attachment>`
+		});
+	}
+	return {
+		role: "user",
+		content
+	};
+}
+function anthropic(anthropicParams) {
+	const isOAuth = getConfiguredApiKey(anthropicParams).includes("sk-ant-oat");
+	const defaultModel = anthropicParams?.defaultModel || "claude-opus-4-6";
+	let runtimeCredentials = typeof anthropicParams?.access === "string" && typeof anthropicParams.refresh === "string" && typeof anthropicParams.expires === "number" ? {
+		access: anthropicParams.access,
+		refresh: anthropicParams.refresh,
+		expires: anthropicParams.expires
+	} : void 0;
+	return {
+		name: "anthropic",
+		meta: {
+			defaultModel,
+			isOAuth,
+			capabilities: {
+				vision: true,
+				imageInToolResult: true
+			}
+		},
+		formatTools(tools) {
+			return tools.map((t) => ({
+				name: t.name,
+				description: t.description,
+				input_schema: t.inputSchema
+			}));
+		},
+		userMessage(content) {
+			return {
+				role: "user",
+				content: [{
+					type: "text",
+					text: content
+				}]
+			};
+		},
+		assistantMessage(content) {
+			return {
+				role: "assistant",
+				content: [{
+					type: "text",
+					text: content
+				}]
+			};
+		},
+		toolResultsMessage(results) {
+			return {
+				role: "user",
+				content: results.map((r) => ({
+					type: "tool_result",
+					callId: r.id,
+					output: r.content
+				}))
+			};
+		},
+		promptMessage: anthropicPromptMessage,
+		classifyError: classifyAnthropicError,
+		async stream(options, callbacks) {
+			const SDK = await loadAnthropicSdk();
+			const apiKey = await resolveOAuthApiKey({
+				provider: "anthropic",
+				providerId: "anthropic",
+				params: runtimeCredentials ? {
+					...anthropicParams,
+					...runtimeCredentials
+				} : anthropicParams,
+				envKey: "ANTHROPIC_API_KEY",
+				missingError: "No API key found. Run `bun run auth` first.",
+				refreshError: (reason) => `Anthropic OAuth token refresh failed. Run \`bun run auth --anthropic\` again. ${reason}`
+			}, {
+				...callbacks,
+				async onOAuthRefresh(ctx) {
+					if (ctx.source === "params") runtimeCredentials = {
+						access: ctx.credentials.access,
+						refresh: ctx.credentials.refresh,
+						expires: ctx.credentials.expires
+					};
+					await callbacks.onOAuthRefresh?.(ctx);
+				}
+			});
+			const client = createClient(SDK, apiKey, apiKey.includes("sk-ant-oat"), anthropicParams?.baseURL, anthropicParams?.extraBetas);
+			const system = isOAuth ? `You are Claude Code, Anthropic's official CLI for Claude.` : options.system;
+			const messages = isOAuth && options.system ? [
+				{
+					role: "user",
+					content: [{
+						type: "text",
+						text: options.system
+					}]
+				},
+				{
+					role: "assistant",
+					content: [{
+						type: "text",
+						text: "Understood. I will proceed with these instructions above the rest of my system prompt."
+					}]
+				},
+				...options.messages
+			] : [...options.messages];
+			const thinking = options.thinking ?? "off";
+			const modelId = options.model;
+			const params = {
+				...anthropicParams?.extraBodyParams ?? {},
+				model: modelId,
+				max_tokens: options.maxTokens,
+				system,
+				tools: options.tools,
+				messages: messages.map((m) => toAnthropic(m)),
+				stream: true
+			};
+			if (anthropicParams?.contextManagement) params.context_management = anthropicParams.contextManagement;
+			if (options.cache !== false) applyAnthropicCacheBreakpoints(params);
+			const plan = planAnthropicThinking(thinking, options.thinkingBudget);
+			if (plan) {
+				if (plan.kind === "enabled") {
+					params.thinking = {
+						type: "enabled",
+						budget_tokens: plan.budgetTokens
+					};
+					params.max_tokens = plan.maxTokensBump + params.max_tokens;
+				} else {
+					params.thinking = { type: "adaptive" };
+					if (plan.effort) params.output_config = { effort: plan.effort };
+					if (typeof plan.maxTokensCap === "number" && plan.maxTokensCap > 0) params.max_tokens = Math.min(params.max_tokens, plan.maxTokensCap);
+				}
+				params.temperature = 1;
+			}
+			if (options.toolChoice) if (options.toolChoice.type === "tool" && options.toolChoice.name) params.tool_choice = {
+				type: "tool",
+				name: options.toolChoice.name
+			};
+			else if (options.toolChoice.type === "required") params.tool_choice = { type: "any" };
+			else params.tool_choice = { type: "auto" };
+			const s = client.messages.stream(params, { signal: options.signal });
+			let text = "";
+			s.on("text", (delta) => {
+				text += delta;
+				callbacks.onText(delta);
+			});
+			if (callbacks.onThinking) s.on("thinking", (delta) => {
+				callbacks.onThinking(delta);
+			});
+			const response = await s.finalMessage();
+			const toolCalls = response.content.filter((b) => b.type === "tool_use").map((b) => ({
+				id: b.id,
+				name: b.name,
+				input: b.input
+			}));
+			const finishReason = mapStopReason(response.stop_reason);
+			const isPause = response.stop_reason === "pause_turn";
+			return {
+				assistantMessage: fromAnthropic({
+					role: "assistant",
+					content: response.content
+				}),
+				text,
+				toolCalls,
+				done: !isPause && (response.stop_reason === "end_turn" || toolCalls.length === 0),
+				usage: {
+					input: response.usage.input_tokens,
+					output: response.usage.output_tokens,
+					cacheCreation: response.usage.cache_creation_input_tokens ?? void 0,
+					cacheRead: response.usage.cache_read_input_tokens ?? void 0,
+					...finishReason ? { finishReason } : {},
+					modelId: response.model ?? options.model
+				}
+			};
+		}
+	};
+}
+//#endregion
+//#region src/providers/cerebras.ts
+const BASE_URL$1 = "https://api.cerebras.ai/v1";
+function getApiKey$1(params) {
+	if (typeof params?.apiKey === "string" && params.apiKey.length > 0) return params.apiKey;
+	if (process.env.CEREBRAS_API_KEY) return process.env.CEREBRAS_API_KEY;
+	throw new Error("No Cerebras API key found. Pass `apiKey` or set CEREBRAS_API_KEY in your environment.");
+}
+/**
+* Cerebras provider.
+*
+* Thin wrapper around {@link openaiCompat} with Cerebras-specific defaults
+* (base URL, default model).
+*/
+function cerebras(params) {
+	return openaiCompat({
+		name: "cerebras",
+		apiKey: getApiKey$1(params),
+		baseURL: BASE_URL$1,
+		defaultModel: params?.defaultModel || "zai-glm-4.7",
+		capabilities: params?.capabilities ?? {
+			vision: false,
+			imageInToolResult: false
+		}
+	});
+}
+//#endregion
+//#region src/providers/openai.ts
+const PROVIDER_ID = "openai-codex";
+const DEFAULT_MODEL = "gpt-5.4";
+function resolveModel(modelId) {
+	const model = getModel(PROVIDER_ID, modelId);
+	if (model) return model;
+	const fallback = getModel(PROVIDER_ID, DEFAULT_MODEL);
+	if (!fallback) throw new Error(`OpenAI Codex model registry is missing the default model: ${DEFAULT_MODEL}`);
+	return {
+		...fallback,
+		id: modelId,
+		name: modelId
+	};
+}
+function emptyUsage() {
+	return {
+		input: 0,
+		output: 0,
+		cacheRead: 0,
+		cacheWrite: 0,
+		totalTokens: 0,
+		cost: {
+			input: 0,
+			output: 0,
+			cacheRead: 0,
+			cacheWrite: 0,
+			total: 0
+		}
+	};
+}
+function formatTools(tools) {
+	return tools.map((t) => ({
+		name: t.name,
+		description: t.description,
+		parameters: t.inputSchema
+	}));
+}
+function toPiMessages(messages, modelId) {
+	const out = [];
+	for (const msg of messages) {
+		const toolResults = msg.content.filter((b) => b.type === "tool_result");
+		if (toolResults.length > 0) {
+			for (const result of toolResults) {
+				const content = typeof result.output === "string" ? [{
+					type: "text",
+					text: result.output
+				}] : result.output.map((block) => block.type === "image" ? {
+					type: "image",
+					data: block.data,
+					mimeType: block.mediaType
+				} : {
+					type: "text",
+					text: block.text
+				});
+				out.push({
+					role: "toolResult",
+					toolCallId: result.callId,
+					toolName: "",
+					content,
+					isError: result.isError ?? false,
+					timestamp: Date.now()
+				});
+			}
+			continue;
+		}
+		const textBlocks = msg.content.filter((b) => b.type === "text");
+		const imageBlocks = msg.content.filter((b) => b.type === "image");
+		if (msg.role === "user") {
+			if (imageBlocks.length === 0 && textBlocks.length === 1) {
+				out.push({
+					role: "user",
+					content: textBlocks[0].text,
+					timestamp: Date.now()
+				});
+				continue;
+			}
+			out.push({
+				role: "user",
+				content: [...imageBlocks.map((img) => ({
+					type: "image",
+					data: img.data,
+					mimeType: img.mediaType
+				})), ...textBlocks.map((block) => ({
+					type: "text",
+					text: block.text
+				}))],
+				timestamp: Date.now()
+			});
+			continue;
+		}
+		const content = [];
+		for (const block of msg.content) if (block.type === "text") content.push({
+			type: "text",
+			text: block.text
+		});
+		else if (block.type === "thinking") {
+			if (block.signatureProducer === "anthropic") continue;
+			content.push({
+				type: "thinking",
+				thinking: block.text,
+				thinkingSignature: block.signature
+			});
+		} else if (block.type === "tool_call") content.push({
+			type: "toolCall",
+			id: block.id,
+			name: block.name,
+			arguments: block.input
+		});
+		out.push({
+			role: "assistant",
+			content,
+			api: "openai-codex-responses",
+			provider: PROVIDER_ID,
+			model: modelId,
+			usage: emptyUsage(),
+			stopReason: "stop",
+			timestamp: Date.now()
+		});
+	}
+	return out;
+}
+function fromPiAssistantMessage(message) {
+	const content = [];
+	for (const block of message.content) if (block.type === "text") content.push({
+		type: "text",
+		text: block.text
+	});
+	else if (block.type === "thinking") {
+		const out = {
+			type: "thinking",
+			text: block.thinking
+		};
+		if (typeof block.thinkingSignature === "string") {
+			out.signature = block.thinkingSignature;
+			out.signatureProducer = "openai";
+		}
+		content.push(out);
+	} else if (block.type === "toolCall") content.push({
+		type: "tool_call",
+		id: block.id,
+		name: block.name,
+		input: block.arguments
+	});
+	return {
+		role: "assistant",
+		content
+	};
+}
+function extractToolCalls(message) {
+	return message.content.filter((block) => block.type === "toolCall").map((block) => ({
+		id: block.id,
+		name: block.name,
+		input: block.arguments
+	}));
+}
+function extractText(message) {
+	return message.content.filter((block) => block.type === "text").map((block) => block.text).join("");
+}
+function toTurnUsage(usage, finishReason, modelId) {
+	return {
+		input: usage.input,
+		output: usage.output,
+		cacheRead: usage.cacheRead || void 0,
+		cacheCreation: usage.cacheWrite || void 0,
+		cost: usage.cost.total || void 0,
+		...finishReason ? { finishReason } : {},
+		modelId
+	};
+}
+/**
+* Classify an OpenAI Codex error. pi-ai surfaces errors either as thrown `Error`s
+* (wrapping `event.error.errorMessage`) or via stream event types.
+*/
+function classifyOpenAIError(err) {
+	if (!err || typeof err !== "object") return null;
+	const anyErr = err;
+	if (anyErr.name === "AbortError") return { kind: "aborted" };
+	const message = anyErr.message ?? "";
+	const code = anyErr.code ?? anyErr.type;
+	if (code === "context_length_exceeded" || matchesContextExceeded(message)) return {
+		kind: "context_exceeded",
+		providerCode: code ?? "context_length_exceeded",
+		message
+	};
+	if (message.length > 0) return {
+		kind: "provider_error",
+		providerCode: code,
+		message
+	};
+	return null;
+}
+function applyPayloadOverrides(payload, options) {
+	const body = payload;
+	if (options.toolChoice) if (options.toolChoice.type === "tool" && options.toolChoice.name) body.tool_choice = {
+		type: "function",
+		name: options.toolChoice.name
+	};
+	else if (options.toolChoice.type === "required") body.tool_choice = "required";
+	else body.tool_choice = "auto";
+	return body;
+}
+function openai(params) {
+	const defaultModel = params?.defaultModel || DEFAULT_MODEL;
+	let runtimeCredentials = typeof params?.access === "string" && typeof params.refresh === "string" && typeof params.expires === "number" ? {
+		access: params.access,
+		refresh: params.refresh,
+		expires: params.expires,
+		...params.accountId ? { accountId: params.accountId } : {}
+	} : void 0;
+	return {
+		name: "openai",
+		meta: {
+			defaultModel,
+			isOAuth: true,
+			capabilities: {
+				vision: true,
+				imageInToolResult: true
+			}
+		},
+		formatTools,
+		userMessage,
+		assistantMessage,
+		toolResultsMessage,
+		classifyError: classifyOpenAIError,
+		async stream(options, callbacks) {
+			const modelId = options.model || defaultModel;
+			const model = resolveModel(modelId);
+			const apiKey = await resolveOAuthApiKey({
+				provider: "openai",
+				providerId: PROVIDER_ID,
+				params: runtimeCredentials ? {
+					...params,
+					...runtimeCredentials
+				} : params,
+				envKey: "OPENAI_CODEX_API_KEY",
+				extraCredentialKeys: ["accountId"],
+				missingError: "No OpenAI Codex OAuth token found. Run `bun run auth --openai` first.",
+				refreshError: (reason) => `OpenAI Codex OAuth token refresh failed. Run \`bun run auth --openai\` again. ${reason}`
+			}, {
+				...callbacks,
+				async onOAuthRefresh(ctx) {
+					if (ctx.source === "params") runtimeCredentials = {
+						access: ctx.credentials.access,
+						refresh: ctx.credentials.refresh,
+						expires: ctx.credentials.expires,
+						...typeof ctx.credentials.accountId === "string" ? { accountId: ctx.credentials.accountId } : {}
+					};
+					await callbacks.onOAuthRefresh?.(ctx);
+				}
+			});
+			const context = {
+				systemPrompt: options.system,
+				messages: toPiMessages(options.messages, modelId),
+				tools: options.tools
+			};
+			const reasoningLevel = options.thinking && options.thinking !== "off" && options.thinking !== "adaptive" ? options.thinking : void 0;
+			const stream = streamOpenAICodexResponses(model, context, {
+				apiKey,
+				maxTokens: options.maxTokens,
+				signal: options.signal,
+				transport: params?.transport,
+				reasoningEffort: reasoningLevel,
+				reasoningSummary: reasoningLevel ? "auto" : void 0,
+				onPayload: (payload) => applyPayloadOverrides(payload, options)
+			});
+			let finalMessage;
+			let text = "";
+			let thinking = "";
+			for await (const event of stream) if (event.type === "text_delta") {
+				text += event.delta;
+				callbacks.onText(event.delta);
+			} else if (event.type === "thinking_delta") {
+				thinking += event.delta;
+				callbacks.onThinking?.(event.delta);
+			} else if (event.type === "thinking_end") {
+				const delta = event.content.startsWith(thinking) ? event.content.slice(thinking.length) : thinking ? "" : event.content;
+				if (delta) {
+					thinking += delta;
+					callbacks.onThinking?.(delta);
+				}
+			} else if (event.type === "done") finalMessage = event.message;
+			else if (event.type === "error") throw new Error(event.error.errorMessage || "OpenAI Codex API error");
+			finalMessage ??= await stream.result();
+			text ||= extractText(finalMessage);
+			const toolCalls = extractToolCalls(finalMessage);
+			const assistantTurn = fromPiAssistantMessage(finalMessage);
+			const finishReason = toolCalls.length > 0 ? "tool-calls" : "stop";
+			return {
+				assistantMessage: assistantTurn,
+				text,
+				toolCalls,
+				done: toolCalls.length === 0,
+				usage: toTurnUsage(finalMessage.usage, finishReason, modelId)
+			};
+		}
+	};
+}
+//#endregion
+//#region src/providers/openrouter.ts
+const BASE_URL = "https://openrouter.ai/api/v1";
+function getApiKey(params) {
+	if (typeof params?.apiKey === "string" && params.apiKey.length > 0) return params.apiKey;
+	if (process.env.OPENROUTER_API_KEY) return process.env.OPENROUTER_API_KEY;
+	throw new Error("No OpenRouter API key found. Pass `apiKey` or set OPENROUTER_API_KEY in your environment.");
+}
+/**
+* OpenRouter provider.
+*
+* Thin wrapper around {@link openaiCompat} with OpenRouter-specific defaults
+* (base URL, default model) and required attribution headers.
+*/
+function openrouter(params) {
+	return openaiCompat({
+		name: "openrouter",
+		apiKey: getApiKey(params),
+		baseURL: BASE_URL,
+		defaultModel: params?.defaultModel || "anthropic/claude-sonnet-4-6",
+		extraHeaders: {
+			"HTTP-Referer": "https://github.com/Tahul/zidane",
+			"X-Title": "zidane"
+		},
+		capabilities: params?.capabilities ?? {
+			vision: true,
+			imageInToolResult: false
+		},
+		cacheBreakpoints: true,
+		supportsReasoning: true
+	});
+}
+//#endregion
+export { anthropic as i, openai as n, cerebras as r, openrouter as t };
+
+//# sourceMappingURL=providers-CX-R-Oy-.js.map