oy-cli 0.3.1__tar.gz → 0.3.3__tar.gz

{oy_cli-0.3.1 → oy_cli-0.3.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oy-cli
-Version: 0.3.1
+Version: 0.3.3
 Summary: Tiny local coding CLI with a small tool surface
 Author: oy-cli contributors
 License-Expression: Apache-2.0
@@ -10,9 +10,9 @@ Project-URL: Issues, https://github.com/wagov-dtt/oy-cli/issues
 Requires-Python: >=3.14
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: boto3>=1.35.0
 Requires-Dist: defopt>=7.0.0
 Requires-Dist: httpx>=0.28.1
-Requires-Dist: httpx-aws-auth>=4.1.1
 Requires-Dist: markdownify>=1.2.0
 Requires-Dist: openai>=1.68.0
 Requires-Dist: rich>=14.3.0
@@ -23,6 +23,8 @@ Dynamic: license-file
 
 # oy-cli
 
+[![PyPI](https://img.shields.io/pypi/v/oy-cli)](https://pypi.org/project/oy-cli/)
+
 **Tiny AI coding assistant for your shell.** Reads files, runs commands, makes precise edits, and stays intentionally small.
 
 ```bash
@@ -53,9 +55,7 @@ oy audit "focus on authentication"
 oy "prompt"              # Run with a prompt (default)
 oy chat                   # Interactive multi-turn session
 oy audit                  # Security audit against OWASP ASVS/MASVS
-oy model                  # Show current default model
-oy model <filter>         # Pick/save a model
-oy model --token          # Print Bedrock OpenAI env exports
+oy model                  # Show current model, pick model from available endpoints
 oy --help                 # Show all commands
 ```
 
@@ -65,18 +65,30 @@ Most AI coding tools are large, complex, or lock you into a single provider. `oy
 
 **Design goals:** small auditable codebase, minimal tool surface, OpenAI-completions-focused CLI loop, multiple backends behind shims, fresh session each run, and explicit checkpoints when needed.
 
-## System Prompt
+## System Prompts
 
 The system prompt is intentionally short. Tool semantics live with the tool definitions; the system prompt focuses on operating rules and judgment:
 
-> You are oy, a tiny coding cli with tools.
-> Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
-> Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
-> Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+### Base Prompt
+
+```markdown
+You are oy, a tiny coding cli with tools.
+Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
+Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
+Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+```
+
+### Interactive Appendix
+
+```markdown
+Use ask only when significant clarification or direction is needed.
+```
 
-In interactive mode, the `ask` tool is available: *"Use ask only when significant clarification or direction is needed."*
+### Non-Interactive Appendix
 
-In non-interactive mode (`OY_NON_INTERACTIVE=1`): *"Non-interactive mode: do not pause for approval."*
+```markdown
+Non-interactive mode: do not pause for approval.
+```
 
 ## Tools
 
@@ -84,12 +96,12 @@ Each tool description is passed directly to the model. These are the exact descr
 
 | Tool | Description |
 |------|-------------|
-| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with `/` for directories. |
+| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with / for directories. |
 | `read` | Read a file or directory. Use before editing. Files return line-numbered text; directories fall back to list. Use offset/limit for large files. |
 | `apply` | Edit files inside the workspace. Operations: replace, write, move, delete. Read first and keep edits precise. |
 | `bash` | Run shell commands for tests, builds, git, and scripts. Do not use for routine file inspection. Returns stdout and stderr together. |
 | `grep` | Search file contents by text or regex. Use file_glob to narrow by filename pattern. Returns matching lines with file and line numbers. |
-| `glob` | Find files by name pattern like `*.py` or `src/**/*.js`. Use when you know the path shape. Supports `*`, `?`, and `**`. |
+| `glob` | Find files by name pattern like '*.py' or 'src/**/*.js'. Use when you know the path shape. Supports *, ?, and **. |
 | `httpx` | Fetch web pages or APIs over HTTP(S). Presets: page, json, post_json. Use json_path to extract nested fields. Sensitive headers are redacted. |
 | `ask` | Ask the user a question in interactive runs. Use for significant ambiguity or decisions. Provide choices when useful. |
 
@@ -99,10 +111,11 @@ Each tool description is passed directly to the model. These are the exact descr
 
 `oy audit` runs the agent with a dedicated system prompt:
 
-> Audit the repo for security, unnecessary complexity, and major obvious performance issues.
-> Fetch current OWASP ASVS and MASVS with httpx, inspect the codebase, and write/merge prioritised findings to ISSUES.md.
-> Each finding should include location, category (security|complexity|performance), reference, recommendation, and status: OPEN.
-> Avoid removing project or human context.
+### Audit Prompt
+
+```markdown
+Audit the repo for security, unnecessary complexity, and major obvious performance issues, preserving project and human context. First read key markdown docs, then refresh or generate an audit header at the top of ISSUES.md that includes the current date, the latest Git commit reference, and a concise codebase summary using tools like `scc` or `tokei`. Next, fetch the current OWASP ASVS (or MASVS if more relevant) and grugbrain.dev guidelines using httpx, inspect the codebase against these, and write or merge prioritised findings (max 10-15) into the ISSUES.md file. Ensure each finding is formatted to include its location, category (security, complexity, or performance), standard reference, a clear recommendation, and has a Status, if existing findings have been resolved, summarise and note them in a short log at the end.
+```
 
 ```bash
 oy audit                    # Full audit
@@ -123,31 +136,16 @@ OY_ROOT=./src oy audit      # Audit specific directory
 | `OY_SYSTEM_FILE` | Append extra system instructions |
 | `OY_CONFIG` | Override config path (default: `~/.config/oy/config.json`) |
 
-**Tuning variables** (rarely needed):
-
-| Variable | Default | Purpose |
-|----------|---------|---------|
-| `OY_MAX_TOOL_OUTPUT_TOKENS` | `4096` | Max tokens kept from tool output |
-| `OY_MAX_TOOL_TAIL_TOKENS` | `1024` | Tail tokens preserved when output is clipped |
-| `OY_MAX_BASH_CMD_BYTES` | `65536` | Max command size for `bash` tool |
-| `OY_MAX_CONTEXT_TOKENS` | `131072` | Context window budget |
-| `OY_MAX_MESSAGE_TOKENS` | `4096` | Per-message truncation limit |
-| `OY_DEFAULT_MAX_STEPS` | `512` | Max LLM turns per run |
-| `OY_DEFAULT_MAX_TOOL_CALLS` | `512` | Max tool invocations per run |
-| `OY_DEFAULT_LINE_LIMIT` | `500` | Default line limit for `read`/`list`/`glob` |
-| `OY_BEDROCK_READ_TIMEOUT` | `120` | HTTP read timeout for Bedrock (seconds) |
-| `OY_BEDROCK_MAX_OUTPUT_TOKENS` | `4096` | Max output tokens for Bedrock Converse |
-
 **Config file** (`~/.config/oy/config.json`):
 ```json
-{"shim": "gemini", "model": "gemini-2.5-pro"}
+{"shim": "openai", "model": "glm-5"}
 ```
 
 The `shim` field pins which backend to use regardless of what else is signed in. Use `oy model <filter>` to pick interactively; it merges models from available signed-in shims into a single list using `shim:model` prefixes.
 
 On first run, if no model is configured, `oy` prompts you to pick one from the available backends. Set `OY_MODEL`, `OY_SHIM`, or save a config with `oy model` to pin behavior.
 
-**Recommended model:** From testing, `glm-5` (via Bedrock) offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option.
+**Recommended model:** From testing, `glm-5` offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option. The [Artificial Analysis Comparison of Open Source Models](https://artificialanalysis.ai/models/open-source) is a good reference.
 
 ## Requirements
 
@@ -176,27 +174,7 @@ export OPENAI_BASE_URL=https://your-endpoint.example/v1
 export OPENAI_API_KEY=...
 ```
 
-**Codex CLI (automatic):** If you have already logged in with `codex`, `oy` will reuse the credentials in `~/.codex/auth.json`. If that file contains a generated API key, `oy` uses the public OpenAI Responses API. If it contains a ChatGPT account session instead, `oy` uses the ChatGPT-backed Codex responses endpoint.
-
-**Gemini CLI (automatic):** If you have the [Gemini CLI](https://github.com/google-gemini/gemini-cli) installed and have run `gemini` at least once to authenticate, `oy` will pick up the OAuth credentials automatically from `~/.gemini/oauth_creds.json`. No extra setup needed.
-
-```bash
-# Install and authenticate the Gemini CLI once
-npm install -g @google/gemini-cli
-gemini  # follow the login prompt
-
-# Then just use oy — it auto-detects Gemini credentials
-oy "refactor this function"
-```
-
-Default model when using Gemini: `gemini-2.5-pro`. Use `oy model <filter>` or `OY_MODEL` to switch.
-
-**Claude Code (automatic):** If you have already signed in with Claude Code, `oy` can use that local session directly through the `claude` shim. No Anthropic API key is required.
-
-```bash
-claude auth login
-oy --model claude:sonnet "refactor this function"
-```
+Gemini, Claude, Codex (OpenAI) creds should be automatically introspected and used, if creds are available `oy model` will show them in the model list.
 
 **AWS Bedrock (automatic):** Uses your default AWS profile/region. Supports auto-refresh of stale SSO sessions.
 ```bash
@@ -206,17 +184,11 @@ export AWS_REGION=us-west-2
 
 ## Troubleshooting
 
-**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, install and authenticate the Gemini CLI, sign in with `claude auth login`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
+**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, `gemini` or `claude`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
 
 **"stdin is not a TTY"** -> Piping input disables `ask`. Set `OY_NON_INTERACTIVE=1` to make explicit.
 
-**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser` or run `oy` in a TTY for auto-prompt.
-
-**"command timed out"** -> `bash` default timeout is 120s. Agent can increase `timeout_seconds` parameter.
-
-**"replace target not found"** -> `apply` requires exact string match. Read file first, check whitespace.
-
-**Output truncated** -> Tools clip at 4096 tokens by default. Agent auto-narrows queries, or guide explicitly: "read lines 100-200".
+**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser`.
 
 ## Security
 
@@ -228,7 +200,7 @@ Recommended:
 - avoid exposing long-lived secrets in the environment
 - review generated changes before shipping
 
-**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and secure Bedrock token generation.
+**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and native boto3 credential resolution for Bedrock.
 
 ## Links
 

{oy_cli-0.3.1 → oy_cli-0.3.3}/README.md

@@ -1,5 +1,7 @@
 # oy-cli
 
+[![PyPI](https://img.shields.io/pypi/v/oy-cli)](https://pypi.org/project/oy-cli/)
+
 **Tiny AI coding assistant for your shell.** Reads files, runs commands, makes precise edits, and stays intentionally small.
 
 ```bash
@@ -30,9 +32,7 @@ oy audit "focus on authentication"
 oy "prompt"              # Run with a prompt (default)
 oy chat                   # Interactive multi-turn session
 oy audit                  # Security audit against OWASP ASVS/MASVS
-oy model                  # Show current default model
-oy model <filter>         # Pick/save a model
-oy model --token          # Print Bedrock OpenAI env exports
+oy model                  # Show current model, pick model from available endpoints
 oy --help                 # Show all commands
 ```
 
@@ -42,18 +42,30 @@ Most AI coding tools are large, complex, or lock you into a single provider. `oy
 
 **Design goals:** small auditable codebase, minimal tool surface, OpenAI-completions-focused CLI loop, multiple backends behind shims, fresh session each run, and explicit checkpoints when needed.
 
-## System Prompt
+## System Prompts
 
 The system prompt is intentionally short. Tool semantics live with the tool definitions; the system prompt focuses on operating rules and judgment:
 
-> You are oy, a tiny coding cli with tools.
-> Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
-> Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
-> Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+### Base Prompt
+
+```markdown
+You are oy, a tiny coding cli with tools.
+Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
+Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
+Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+```
+
+### Interactive Appendix
+
+```markdown
+Use ask only when significant clarification or direction is needed.
+```
 
-In interactive mode, the `ask` tool is available: *"Use ask only when significant clarification or direction is needed."*
+### Non-Interactive Appendix
 
-In non-interactive mode (`OY_NON_INTERACTIVE=1`): *"Non-interactive mode: do not pause for approval."*
+```markdown
+Non-interactive mode: do not pause for approval.
+```
 
 ## Tools
 
@@ -61,12 +73,12 @@ Each tool description is passed directly to the model. These are the exact descr
 
 | Tool | Description |
 |------|-------------|
-| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with `/` for directories. |
+| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with / for directories. |
 | `read` | Read a file or directory. Use before editing. Files return line-numbered text; directories fall back to list. Use offset/limit for large files. |
 | `apply` | Edit files inside the workspace. Operations: replace, write, move, delete. Read first and keep edits precise. |
 | `bash` | Run shell commands for tests, builds, git, and scripts. Do not use for routine file inspection. Returns stdout and stderr together. |
 | `grep` | Search file contents by text or regex. Use file_glob to narrow by filename pattern. Returns matching lines with file and line numbers. |
-| `glob` | Find files by name pattern like `*.py` or `src/**/*.js`. Use when you know the path shape. Supports `*`, `?`, and `**`. |
+| `glob` | Find files by name pattern like '*.py' or 'src/**/*.js'. Use when you know the path shape. Supports *, ?, and **. |
 | `httpx` | Fetch web pages or APIs over HTTP(S). Presets: page, json, post_json. Use json_path to extract nested fields. Sensitive headers are redacted. |
 | `ask` | Ask the user a question in interactive runs. Use for significant ambiguity or decisions. Provide choices when useful. |
 
@@ -76,10 +88,11 @@ Each tool description is passed directly to the model. These are the exact descr
 
 `oy audit` runs the agent with a dedicated system prompt:
 
-> Audit the repo for security, unnecessary complexity, and major obvious performance issues.
-> Fetch current OWASP ASVS and MASVS with httpx, inspect the codebase, and write/merge prioritised findings to ISSUES.md.
-> Each finding should include location, category (security|complexity|performance), reference, recommendation, and status: OPEN.
-> Avoid removing project or human context.
+### Audit Prompt
+
+```markdown
+Audit the repo for security, unnecessary complexity, and major obvious performance issues, preserving project and human context. First read key markdown docs, then refresh or generate an audit header at the top of ISSUES.md that includes the current date, the latest Git commit reference, and a concise codebase summary using tools like `scc` or `tokei`. Next, fetch the current OWASP ASVS (or MASVS if more relevant) and grugbrain.dev guidelines using httpx, inspect the codebase against these, and write or merge prioritised findings (max 10-15) into the ISSUES.md file. Ensure each finding is formatted to include its location, category (security, complexity, or performance), standard reference, a clear recommendation, and has a Status, if existing findings have been resolved, summarise and note them in a short log at the end.
+```
 
 ```bash
 oy audit                    # Full audit
@@ -100,31 +113,16 @@ OY_ROOT=./src oy audit      # Audit specific directory
 | `OY_SYSTEM_FILE` | Append extra system instructions |
 | `OY_CONFIG` | Override config path (default: `~/.config/oy/config.json`) |
 
-**Tuning variables** (rarely needed):
-
-| Variable | Default | Purpose |
-|----------|---------|---------|
-| `OY_MAX_TOOL_OUTPUT_TOKENS` | `4096` | Max tokens kept from tool output |
-| `OY_MAX_TOOL_TAIL_TOKENS` | `1024` | Tail tokens preserved when output is clipped |
-| `OY_MAX_BASH_CMD_BYTES` | `65536` | Max command size for `bash` tool |
-| `OY_MAX_CONTEXT_TOKENS` | `131072` | Context window budget |
-| `OY_MAX_MESSAGE_TOKENS` | `4096` | Per-message truncation limit |
-| `OY_DEFAULT_MAX_STEPS` | `512` | Max LLM turns per run |
-| `OY_DEFAULT_MAX_TOOL_CALLS` | `512` | Max tool invocations per run |
-| `OY_DEFAULT_LINE_LIMIT` | `500` | Default line limit for `read`/`list`/`glob` |
-| `OY_BEDROCK_READ_TIMEOUT` | `120` | HTTP read timeout for Bedrock (seconds) |
-| `OY_BEDROCK_MAX_OUTPUT_TOKENS` | `4096` | Max output tokens for Bedrock Converse |
-
 **Config file** (`~/.config/oy/config.json`):
 ```json
-{"shim": "gemini", "model": "gemini-2.5-pro"}
+{"shim": "openai", "model": "glm-5"}
 ```
 
 The `shim` field pins which backend to use regardless of what else is signed in. Use `oy model <filter>` to pick interactively; it merges models from available signed-in shims into a single list using `shim:model` prefixes.
 
 On first run, if no model is configured, `oy` prompts you to pick one from the available backends. Set `OY_MODEL`, `OY_SHIM`, or save a config with `oy model` to pin behavior.
 
-**Recommended model:** From testing, `glm-5` (via Bedrock) offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option.
+**Recommended model:** From testing, `glm-5` offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option. The [Artificial Analysis Comparison of Open Source Models](https://artificialanalysis.ai/models/open-source) is a good reference.
 
 ## Requirements
 
@@ -153,27 +151,7 @@ export OPENAI_BASE_URL=https://your-endpoint.example/v1
 export OPENAI_API_KEY=...
 ```
 
-**Codex CLI (automatic):** If you have already logged in with `codex`, `oy` will reuse the credentials in `~/.codex/auth.json`. If that file contains a generated API key, `oy` uses the public OpenAI Responses API. If it contains a ChatGPT account session instead, `oy` uses the ChatGPT-backed Codex responses endpoint.
-
-**Gemini CLI (automatic):** If you have the [Gemini CLI](https://github.com/google-gemini/gemini-cli) installed and have run `gemini` at least once to authenticate, `oy` will pick up the OAuth credentials automatically from `~/.gemini/oauth_creds.json`. No extra setup needed.
-
-```bash
-# Install and authenticate the Gemini CLI once
-npm install -g @google/gemini-cli
-gemini  # follow the login prompt
-
-# Then just use oy — it auto-detects Gemini credentials
-oy "refactor this function"
-```
-
-Default model when using Gemini: `gemini-2.5-pro`. Use `oy model <filter>` or `OY_MODEL` to switch.
-
-**Claude Code (automatic):** If you have already signed in with Claude Code, `oy` can use that local session directly through the `claude` shim. No Anthropic API key is required.
-
-```bash
-claude auth login
-oy --model claude:sonnet "refactor this function"
-```
+Gemini, Claude, Codex (OpenAI) creds should be automatically introspected and used, if creds are available `oy model` will show them in the model list.
 
 **AWS Bedrock (automatic):** Uses your default AWS profile/region. Supports auto-refresh of stale SSO sessions.
 ```bash
@@ -183,17 +161,11 @@ export AWS_REGION=us-west-2
 
 ## Troubleshooting
 
-**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, install and authenticate the Gemini CLI, sign in with `claude auth login`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
+**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, `gemini` or `claude`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
 
 **"stdin is not a TTY"** -> Piping input disables `ask`. Set `OY_NON_INTERACTIVE=1` to make explicit.
 
-**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser` or run `oy` in a TTY for auto-prompt.
-
-**"command timed out"** -> `bash` default timeout is 120s. Agent can increase `timeout_seconds` parameter.
-
-**"replace target not found"** -> `apply` requires exact string match. Read file first, check whitespace.
-
-**Output truncated** -> Tools clip at 4096 tokens by default. Agent auto-narrows queries, or guide explicitly: "read lines 100-200".
+**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser`.
 
 ## Security
 
@@ -205,7 +177,7 @@ Recommended:
 - avoid exposing long-lived secrets in the environment
 - review generated changes before shipping
 
-**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and secure Bedrock token generation.
+**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and native boto3 credential resolution for Bedrock.
 
 ## Links
 

{oy_cli-0.3.1 → oy_cli-0.3.3}/oy_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oy-cli
-Version: 0.3.1
+Version: 0.3.3
 Summary: Tiny local coding CLI with a small tool surface
 Author: oy-cli contributors
 License-Expression: Apache-2.0
@@ -10,9 +10,9 @@ Project-URL: Issues, https://github.com/wagov-dtt/oy-cli/issues
 Requires-Python: >=3.14
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: boto3>=1.35.0
 Requires-Dist: defopt>=7.0.0
 Requires-Dist: httpx>=0.28.1
-Requires-Dist: httpx-aws-auth>=4.1.1
 Requires-Dist: markdownify>=1.2.0
 Requires-Dist: openai>=1.68.0
 Requires-Dist: rich>=14.3.0
@@ -23,6 +23,8 @@ Dynamic: license-file
 
 # oy-cli
 
+[![PyPI](https://img.shields.io/pypi/v/oy-cli)](https://pypi.org/project/oy-cli/)
+
 **Tiny AI coding assistant for your shell.** Reads files, runs commands, makes precise edits, and stays intentionally small.
 
 ```bash
@@ -53,9 +55,7 @@ oy audit "focus on authentication"
 oy "prompt"              # Run with a prompt (default)
 oy chat                   # Interactive multi-turn session
 oy audit                  # Security audit against OWASP ASVS/MASVS
-oy model                  # Show current default model
-oy model <filter>         # Pick/save a model
-oy model --token          # Print Bedrock OpenAI env exports
+oy model                  # Show current model, pick model from available endpoints
 oy --help                 # Show all commands
 ```
 
@@ -65,18 +65,30 @@ Most AI coding tools are large, complex, or lock you into a single provider. `oy
 
 **Design goals:** small auditable codebase, minimal tool surface, OpenAI-completions-focused CLI loop, multiple backends behind shims, fresh session each run, and explicit checkpoints when needed.
 
-## System Prompt
+## System Prompts
 
 The system prompt is intentionally short. Tool semantics live with the tool definitions; the system prompt focuses on operating rules and judgment:
 
-> You are oy, a tiny coding cli with tools.
-> Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
-> Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
-> Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+### Base Prompt
+
+```markdown
+You are oy, a tiny coding cli with tools.
+Work by inspecting first, then making explicit changes. Prefer simple auditable solutions.
+Keep going until done or genuinely blocked; if blocked, say what you tried and next steps.
+Use grugbrain-style simplicity for complexity, OWASP-minded judgment for security, and performance-aware judgment to avoid obvious waste.
+```
+
+### Interactive Appendix
+
+```markdown
+Use ask only when significant clarification or direction is needed.
+```
 
-In interactive mode, the `ask` tool is available: *"Use ask only when significant clarification or direction is needed."*
+### Non-Interactive Appendix
 
-In non-interactive mode (`OY_NON_INTERACTIVE=1`): *"Non-interactive mode: do not pause for approval."*
+```markdown
+Non-interactive mode: do not pause for approval.
+```
 
 ## Tools
 
@@ -84,12 +96,12 @@ Each tool description is passed directly to the model. These are the exact descr
 
 | Tool | Description |
 |------|-------------|
-| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with `/` for directories. |
+| `list` | List a directory. Use this first on unfamiliar trees. Returns sorted entries, one per line, with / for directories. |
 | `read` | Read a file or directory. Use before editing. Files return line-numbered text; directories fall back to list. Use offset/limit for large files. |
 | `apply` | Edit files inside the workspace. Operations: replace, write, move, delete. Read first and keep edits precise. |
 | `bash` | Run shell commands for tests, builds, git, and scripts. Do not use for routine file inspection. Returns stdout and stderr together. |
 | `grep` | Search file contents by text or regex. Use file_glob to narrow by filename pattern. Returns matching lines with file and line numbers. |
-| `glob` | Find files by name pattern like `*.py` or `src/**/*.js`. Use when you know the path shape. Supports `*`, `?`, and `**`. |
+| `glob` | Find files by name pattern like '*.py' or 'src/**/*.js'. Use when you know the path shape. Supports *, ?, and **. |
 | `httpx` | Fetch web pages or APIs over HTTP(S). Presets: page, json, post_json. Use json_path to extract nested fields. Sensitive headers are redacted. |
 | `ask` | Ask the user a question in interactive runs. Use for significant ambiguity or decisions. Provide choices when useful. |
 
@@ -99,10 +111,11 @@ Each tool description is passed directly to the model. These are the exact descr
 
 `oy audit` runs the agent with a dedicated system prompt:
 
-> Audit the repo for security, unnecessary complexity, and major obvious performance issues.
-> Fetch current OWASP ASVS and MASVS with httpx, inspect the codebase, and write/merge prioritised findings to ISSUES.md.
-> Each finding should include location, category (security|complexity|performance), reference, recommendation, and status: OPEN.
-> Avoid removing project or human context.
+### Audit Prompt
+
+```markdown
+Audit the repo for security, unnecessary complexity, and major obvious performance issues, preserving project and human context. First read key markdown docs, then refresh or generate an audit header at the top of ISSUES.md that includes the current date, the latest Git commit reference, and a concise codebase summary using tools like `scc` or `tokei`. Next, fetch the current OWASP ASVS (or MASVS if more relevant) and grugbrain.dev guidelines using httpx, inspect the codebase against these, and write or merge prioritised findings (max 10-15) into the ISSUES.md file. Ensure each finding is formatted to include its location, category (security, complexity, or performance), standard reference, a clear recommendation, and has a Status, if existing findings have been resolved, summarise and note them in a short log at the end.
+```
 
 ```bash
 oy audit                    # Full audit
@@ -123,31 +136,16 @@ OY_ROOT=./src oy audit      # Audit specific directory
 | `OY_SYSTEM_FILE` | Append extra system instructions |
 | `OY_CONFIG` | Override config path (default: `~/.config/oy/config.json`) |
 
-**Tuning variables** (rarely needed):
-
-| Variable | Default | Purpose |
-|----------|---------|---------|
-| `OY_MAX_TOOL_OUTPUT_TOKENS` | `4096` | Max tokens kept from tool output |
-| `OY_MAX_TOOL_TAIL_TOKENS` | `1024` | Tail tokens preserved when output is clipped |
-| `OY_MAX_BASH_CMD_BYTES` | `65536` | Max command size for `bash` tool |
-| `OY_MAX_CONTEXT_TOKENS` | `131072` | Context window budget |
-| `OY_MAX_MESSAGE_TOKENS` | `4096` | Per-message truncation limit |
-| `OY_DEFAULT_MAX_STEPS` | `512` | Max LLM turns per run |
-| `OY_DEFAULT_MAX_TOOL_CALLS` | `512` | Max tool invocations per run |
-| `OY_DEFAULT_LINE_LIMIT` | `500` | Default line limit for `read`/`list`/`glob` |
-| `OY_BEDROCK_READ_TIMEOUT` | `120` | HTTP read timeout for Bedrock (seconds) |
-| `OY_BEDROCK_MAX_OUTPUT_TOKENS` | `4096` | Max output tokens for Bedrock Converse |
-
 **Config file** (`~/.config/oy/config.json`):
 ```json
-{"shim": "gemini", "model": "gemini-2.5-pro"}
+{"shim": "openai", "model": "glm-5"}
 ```
 
 The `shim` field pins which backend to use regardless of what else is signed in. Use `oy model <filter>` to pick interactively; it merges models from available signed-in shims into a single list using `shim:model` prefixes.
 
 On first run, if no model is configured, `oy` prompts you to pick one from the available backends. Set `OY_MODEL`, `OY_SHIM`, or save a config with `oy model` to pin behavior.
 
-**Recommended model:** From testing, `glm-5` (via Bedrock) offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option.
+**Recommended model:** From testing, `glm-5` offers the best balance of intelligence, cost, and tool-use ability. `kimi-k2.5` is another strong option. The [Artificial Analysis Comparison of Open Source Models](https://artificialanalysis.ai/models/open-source) is a good reference.
 
 ## Requirements
 
@@ -176,27 +174,7 @@ export OPENAI_BASE_URL=https://your-endpoint.example/v1
 export OPENAI_API_KEY=...
 ```
 
-**Codex CLI (automatic):** If you have already logged in with `codex`, `oy` will reuse the credentials in `~/.codex/auth.json`. If that file contains a generated API key, `oy` uses the public OpenAI Responses API. If it contains a ChatGPT account session instead, `oy` uses the ChatGPT-backed Codex responses endpoint.
-
-**Gemini CLI (automatic):** If you have the [Gemini CLI](https://github.com/google-gemini/gemini-cli) installed and have run `gemini` at least once to authenticate, `oy` will pick up the OAuth credentials automatically from `~/.gemini/oauth_creds.json`. No extra setup needed.
-
-```bash
-# Install and authenticate the Gemini CLI once
-npm install -g @google/gemini-cli
-gemini  # follow the login prompt
-
-# Then just use oy — it auto-detects Gemini credentials
-oy "refactor this function"
-```
-
-Default model when using Gemini: `gemini-2.5-pro`. Use `oy model <filter>` or `OY_MODEL` to switch.
-
-**Claude Code (automatic):** If you have already signed in with Claude Code, `oy` can use that local session directly through the `claude` shim. No Anthropic API key is required.
-
-```bash
-claude auth login
-oy --model claude:sonnet "refactor this function"
-```
+Gemini, Claude, Codex (OpenAI) creds should be automatically introspected and used, if creds are available `oy model` will show them in the model list.
 
 **AWS Bedrock (automatic):** Uses your default AWS profile/region. Supports auto-refresh of stale SSO sessions.
 ```bash
@@ -206,17 +184,11 @@ export AWS_REGION=us-west-2
 
 ## Troubleshooting
 
-**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, install and authenticate the Gemini CLI, sign in with `claude auth login`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
+**"Missing API credentials"** -> Set `OPENAI_API_KEY`, sign in with `codex`, `gemini` or `claude`, or configure AWS CLI (`aws configure`). For Bedrock: ensure your profile has `bedrock:InvokeModel` permission.
 
 **"stdin is not a TTY"** -> Piping input disables `ask`. Set `OY_NON_INTERACTIVE=1` to make explicit.
 
-**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser` or run `oy` in a TTY for auto-prompt.
-
-**"command timed out"** -> `bash` default timeout is 120s. Agent can increase `timeout_seconds` parameter.
-
-**"replace target not found"** -> `apply` requires exact string match. Read file first, check whitespace.
-
-**Output truncated** -> Tools clip at 4096 tokens by default. Agent auto-narrows queries, or guide explicitly: "read lines 100-200".
+**"AWS SSO session is stale"** -> Run `aws sso login --use-device-code --no-browser`.
 
 ## Security
 
@@ -228,7 +200,7 @@ Recommended:
 - avoid exposing long-lived secrets in the environment
 - review generated changes before shipping
 
-**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and secure Bedrock token generation.
+**Automatic protections:** workspace-bound file access, structured edits through `apply`, sensitive header redaction in `httpx`, and native boto3 credential resolution for Bedrock.
 
 ## Links
 

{oy_cli-0.3.1 → oy_cli-0.3.3}/oy_cli.egg-info/requires.txt

@@ -1,6 +1,6 @@
+boto3>=1.35.0
 defopt>=7.0.0
 httpx>=0.28.1
-httpx-aws-auth>=4.1.1
 markdownify>=1.2.0
 openai>=1.68.0
 rich>=14.3.0