reillyse · reillyse · Feb 4, 2026 · Feb 4, 2026 · Feb 4, 2026 · Feb 4, 2026
diff --git a/.agents/claude-code-cli.ts b/.agents/claude-code-cli.ts
@@ -10,7 +10,7 @@ const baseDefinition = createCliAgent({
   startCommand: 'claude --dangerously-skip-permissions',
   permissionNote:
     'Always use `--dangerously-skip-permissions` when testing to avoid permission prompts that would block automated tests.',
-  model: 'anthropic/claude-opus-4.5',
+  model: 'anthropic/claude-opus-4.8',
 })
 
 // Constants must be inside handleSteps since it gets serialized via .toString()
@@ -23,9 +23,8 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I\'ll first gather context and prepare before starting the ' + CLI_NAME + ' CLI session.\n\n' +
-          'Let me read relevant files and understand the task to provide better guidance to the CLI.',
+        role: 'user',
+        content: 'Before starting the ' + CLI_NAME + ' CLI session, gather context by reading relevant files and understanding the task to provide better guidance to the CLI.',
       },
       includeToolCall: false,
     }
@@ -92,10 +91,10 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I have started a ' + CLI_NAME + ' tmux session: `' + sessionName + '`\n\n' +
-          'I will use this session for all CLI interactions. The session name must be included in my final output.\n\n' +
-          'Now I\'ll proceed with the task using the helper scripts:\n' +
+        role: 'user',
+        content: 'A ' + CLI_NAME + ' tmux session has been started: `' + sessionName + '`\n\n' +
+          'Use this session for all CLI interactions. The session name must be included in your final output.\n\n' +
+          'Proceed with the task using the helper scripts:\n' +
           '- Send commands: `./scripts/tmux/tmux-cli.sh send "' + sessionName + '" "..."`\n' +
           '- Capture output: `./scripts/tmux/tmux-cli.sh capture "' + sessionName + '" --label "..."`\n' +
           '- Stop when done: `./scripts/tmux/tmux-cli.sh stop "' + sessionName + '"`',

diff --git a/.agents/codebuff-local-cli.ts b/.agents/codebuff-local-cli.ts
@@ -10,7 +10,7 @@ const baseDefinition = createCliAgent({
   startCommand: 'bun --cwd=cli run dev',
   permissionNote:
     'No permission flags needed for Codebuff local dev server.',
-  model: 'anthropic/claude-opus-4.5',
+  model: 'anthropic/claude-opus-4.8',
   skipPrepPhase: true,
   spawnerPromptExtras: `**Purpose:** E2E visual testing of the Codebuff CLI itself. This agent starts a local dev Codebuff CLI instance and interacts with it to verify UI behavior.
 
@@ -95,10 +95,10 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I have started a ' + CLI_NAME + ' tmux session: `' + sessionName + '`\n\n' +
-          'I will use this session for all CLI interactions. The session name must be included in my final output.\n\n' +
-          'Now I\'ll proceed with the task using the helper scripts:\n' +
+        role: 'user',
+        content: 'A ' + CLI_NAME + ' tmux session has been started: `' + sessionName + '`\n\n' +
+          'Use this session for all CLI interactions. The session name must be included in your final output.\n\n' +
+          'Proceed with the task using the helper scripts:\n' +
           '- Send commands: `./scripts/tmux/tmux-cli.sh send "' + sessionName + '" "..."`\n' +
           '- Capture output: `./scripts/tmux/tmux-cli.sh capture "' + sessionName + '" --label "..."`\n' +
           '- Stop when done: `./scripts/tmux/tmux-cli.sh stop "' + sessionName + '"`',

diff --git a/.agents/codex-cli.ts b/.agents/codex-cli.ts
@@ -81,7 +81,7 @@ const baseDefinition = createCliAgent({
   startCommand: 'codex -a never -s danger-full-access',
   permissionNote:
     'Always use `-a never -s danger-full-access` when testing to avoid approval prompts that would block automated tests.',
-  model: 'anthropic/claude-opus-4.5',
+  model: 'anthropic/claude-opus-4.8',
   extraInputParams: {
     reviewType: {
       type: 'string',
@@ -103,9 +103,8 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I\'ll first gather context and prepare before starting the ' + CLI_NAME + ' CLI session.\n\n' +
-          'Let me read relevant files and understand the task to provide better guidance to the CLI.',
+        role: 'user',
+        content: 'Before starting the ' + CLI_NAME + ' CLI session, gather context by reading relevant files and understanding the task to provide better guidance to the CLI.',
       },
       includeToolCall: false,
     }
@@ -172,10 +171,10 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I have started a ' + CLI_NAME + ' tmux session: `' + sessionName + '`\n\n' +
-          'I will use this session for all CLI interactions. The session name must be included in my final output.\n\n' +
-          'Now I\'ll proceed with the task using the helper scripts:\n' +
+        role: 'user',
+        content: 'A ' + CLI_NAME + ' tmux session has been started: `' + sessionName + '`\n\n' +
+          'Use this session for all CLI interactions. The session name must be included in your final output.\n\n' +
+          'Proceed with the task using the helper scripts:\n' +
           '- Send commands: `./scripts/tmux/tmux-cli.sh send "' + sessionName + '" "..."`\n' +
           '- Capture output: `./scripts/tmux/tmux-cli.sh capture "' + sessionName + '" --label "..."`\n' +
           '- Stop when done: `./scripts/tmux/tmux-cli.sh stop "' + sessionName + '"`',

diff --git a/.agents/gemini-cli.ts b/.agents/gemini-cli.ts
@@ -10,7 +10,7 @@ const baseDefinition = createCliAgent({
   startCommand: 'gemini --yolo',
   permissionNote:
     'Always use `--yolo` (or `--approval-mode yolo`) when testing to auto-approve all tool actions and avoid prompts that would block automated tests.',
-  model: 'anthropic/claude-opus-4.5',
+  model: 'anthropic/claude-opus-4.8',
   cliSpecificDocs: `## Gemini CLI Commands
 
 Gemini CLI uses slash commands for navigation:
@@ -29,9 +29,8 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I\'ll first gather context and prepare before starting the ' + CLI_NAME + ' CLI session.\n\n' +
-          'Let me read relevant files and understand the task to provide better guidance to the CLI.',
+        role: 'user',
+        content: 'Before starting the ' + CLI_NAME + ' CLI session, gather context by reading relevant files and understanding the task to provide better guidance to the CLI.',
       },
       includeToolCall: false,
     }
@@ -98,10 +97,10 @@ const definition: AgentDefinition = {
     yield {
       toolName: 'add_message',
       input: {
-        role: 'assistant',
-        content: 'I have started a ' + CLI_NAME + ' tmux session: `' + sessionName + '`\n\n' +
-          'I will use this session for all CLI interactions. The session name must be included in my final output.\n\n' +
-          'Now I\'ll proceed with the task using the helper scripts:\n' +
+        role: 'user',
+        content: 'A ' + CLI_NAME + ' tmux session has been started: `' + sessionName + '`\n\n' +
+          'Use this session for all CLI interactions. The session name must be included in your final output.\n\n' +
+          'Proceed with the task using the helper scripts:\n' +
           '- Send commands: `./scripts/tmux/tmux-cli.sh send "' + sessionName + '" "..."`\n' +
           '- Capture output: `./scripts/tmux/tmux-cli.sh capture "' + sessionName + '" --label "..."`\n' +
           '- Stop when done: `./scripts/tmux/tmux-cli.sh stop "' + sessionName + '"`',

diff --git a/.agents/lib/create-cli-agent.ts b/.agents/lib/create-cli-agent.ts
@@ -43,6 +43,9 @@ export function createCliAgent(config: CliAgentConfig): AgentDefinition {
     id: config.id,
     displayName: config.displayName,
     model: config.model,
+    providerOptions: {
+      ignore: ['Amazon Bedrock'],
+    },
 
     spawnerPrompt: getSpawnerPrompt(config),
 

diff --git a/.agents/sessions/03-02-14:07-chatgpt-oauth-direct/LESSONS.md b/.agents/sessions/03-02-14:07-chatgpt-oauth-direct/LESSONS.md
@@ -0,0 +1,42 @@
+# LESSONS — ChatGPT OAuth Direct Routing
+
+Session: `.agents/sessions/03-02-14:07-chatgpt-oauth-direct/`
+
+## What went well
+- Building this feature behind a strict feature flag (`CHATGPT_OAUTH_ENABLED=false`) reduced rollout risk while allowing full end-to-end wiring.
+- Reusing the Claude OAuth architectural pattern (credentials helpers, refresh mutex, routing split) accelerated implementation without coupling the two providers.
+- Splitting policy logic into `classifyChatGptOAuthStreamError` made fallback/auth/fail-fast behavior easier to test and reason about.
+- Adding focused CLI tests for `/connect:chatgpt` gating and utility sanitization caught regression risk early.
+
+## Current confidence / known gaps
+- Runtime ChatGPT stream policy is **partially tested**: `classifyChatGptOAuthStreamError` is covered, but we do not yet have full behavioral tests for `promptAiSdkStream` recursion branches (actual fallback recursion and post-partial-output behavior).
+- CLI routing coverage is strongest for **feature-flag OFF** paths; flag-ON auth-code routing should get explicit dedicated tests in a future pass.
+
+## What was tricky
+- The repo had unrelated local drift during implementation; explicit scope cleanup (`git checkout -- <unrelated files>`) was necessary to avoid accidental cross-feature commits.
+- CLI module mocking is path-sensitive. Test modules under `cli/src/commands/__tests__` must mock sibling modules with correct relative paths (e.g. `../../state/chat-store`), or mocks silently fail.
+- Over-mocking analytics can break transitive imports (`setAnalyticsErrorLogger` export expectations). A safe pattern is spreading real analytics exports and overriding only `trackEvent`.
+
+## Unexpected behaviors / gotchas
+- A staged unrelated file can survive despite working-tree revert; both staged and worktree states must be checked before final handoff.
+- “Looks correct” tests can still miss runtime branches if they only validate helper classification, not route wiring; reviewer loops were useful to force coverage on practical paths.
+- For OAuth tooling/scripts, sanitize error text aggressively. Returning status-only errors avoids accidental token payload leakage.
+
+## Useful patterns discovered
+- Keep direct-provider routing stream-only initially; explicitly forcing non-streaming/structured calls to backend avoided broad compatibility risk.
+- Use deterministic model allowlist + normalization mapping in constants to avoid relying on provider-side parsing/errors for unsupported models.
+- Treat temporary protocol validation scripts as first-class validation artifacts: they are valuable for real-account smoke checks without coupling to full CLI runtime.
+
+## Temporary script disposition
+- `scripts/chatgpt-oauth-validate.ts` is currently kept as a **dev utility** for manual protocol revalidation while the feature remains experimental/off by default.
+- Removal criteria: if protocol endpoints are either officially documented or the CLI flow gets stable automated integration coverage, this script can be retired.
+
+## Repeatable security verification
+- For redaction checks, run targeted searches against changed code/log handling paths for sensitive markers before handoff, e.g. `access_token`, `refresh_token`, and `Authorization: Bearer`.
+- Keep surfaced token exchange errors status-only and avoid echoing raw provider response bodies.
+
+## Follow-up improvements worth considering
+- Add deeper runtime-behavior tests for `promptAiSdkStream` recursive fallback branches (not just policy classifier).
+- Add explicit CLI test for flag-ON connect flow path once flag toggling is test-harness friendly.
+- If feature graduates from experimental, add richer direct-path observability while preserving strict token redaction.
+- Add periodic protocol drift checks (authorize/token/callback PKCE assumptions) before enabling the feature flag in production defaults.
diff --git a/.agents/sessions/03-02-14:07-chatgpt-oauth-direct/PLAN.md b/.agents/sessions/03-02-14:07-chatgpt-oauth-direct/PLAN.md
@@ -0,0 +1,104 @@
+# PLAN — ChatGPT Subscription OAuth Direct Routing
+
+## Implementation Steps
+1. **Add shared ChatGPT OAuth constants**
+   - Create `common/src/constants/chatgpt-oauth.ts` with:
+     - feature flag (`CHATGPT_OAUTH_ENABLED=false`)
+     - endpoints/client id/redirect URI/env var
+     - model allowlist + normalization helpers
+   - Export through `common/src/constants/index.ts`.
+
+2. **Build core OAuth utility + temporary protocol validation script (early gate)**
+   - Create `cli/src/utils/chatgpt-oauth.ts` with PKCE URL generation, browser-open helper, pasted code/URL parsing, token exchange helper.
+   - Create `scripts/chatgpt-oauth-validate.ts` to test OAuth URL generation + paste parsing + token exchange interaction.
+   - **Run this script before full integration** as go/no-go checkpoint for endpoint assumptions.
+
+3. **Add SDK env + credential support**
+   - Extend `sdk/src/env.ts` with `getChatGptOAuthTokenFromEnv()`.
+   - Extend `sdk/src/credentials.ts` with `chatgptOAuth` schema and helpers:
+     - get/save/clear
+     - valid-check + refresh mutex
+     - get-valid-with-refresh
+   - Preserve all non-target credentials in read/write operations.
+
+4. **Add CLI connect flow UI and command routing**
+   - Create `cli/src/components/chatgpt-connect-banner.tsx` with state machine + `handleChatGptAuthCode`.
+   - Update input modes (`connect:chatgpt`) and banner registry.
+   - Add `/connect:chatgpt` command + alias handling and slash command entry (feature-gated).
+   - Extend router to process pasted auth code in `connect:chatgpt` mode.
+   - Verify command visibility: hidden when flag OFF, present when flag ON.
+
+5. **Implement direct routing primitives in model-provider (decomposed)**
+   - 5.1 Add ChatGPT direct eligibility checks (feature flag + creds + model scope + skip flag + rate-limit cache state).
+   - 5.2 Add model normalization + prevalidation helpers (OpenRouter-style -> provider-native).
+   - 5.3 Add strict payload sanitization helper for direct requests.
+   - 5.4 Add ChatGPT OAuth direct model construction using OpenAI-compatible transport.
+   - 5.5 Add ChatGPT rate-limit cache helpers (parallel to Claude cache pattern).
+   - Keep Claude OAuth path unchanged.
+
+6. **Update stream execution + fallback/error policy**
+   - Extend `sdk/src/impl/llm.ts` to:
+     - recognize ChatGPT direct route usage
+     - emit ChatGPT OAuth analytics
+     - fallback only on rate-limit errors
+     - fail with reconnect guidance on auth errors
+     - fail fast for all other direct errors
+     - skip cost accounting for successful ChatGPT direct requests
+     - avoid fallback once output has already streamed
+
+7. **Wire startup refresh + CLI status surfacing**
+   - Update `cli/src/init/init-app.ts` for background ChatGPT OAuth credential refresh when enabled.
+   - Update `cli/src/chat.tsx`, `cli/src/components/bottom-status-line.tsx`, and `cli/src/components/usage-banner.tsx` to surface ChatGPT connection/active status.
+
+8. **Add analytics constants + SDK exports**
+   - Extend `common/src/constants/analytics-events.ts` with ChatGPT OAuth request/rate-limit/auth-error events.
+   - Ensure SDK exports newly needed helper(s) in `sdk/src/index.ts`.
+
+9. **Add/adjust tests (explicit matrix)**
+   - SDK credentials tests:
+     - env precedence
+     - persisted read/write/clear
+     - refresh success/failure + mutex
+   - Model-provider tests:
+     - rate-limit cache lifecycle
+     - allowlist prevalidation + unsupported-model error
+     - normalization behavior for mapped/unknown variants
+   - LLM routing/fallback tests (targeted):
+     - 429 fallback
+     - 401/403 no-fallback + reconnect path
+     - timeout/5xx fail-fast
+     - no fallback after content emitted
+   - CLI tests/wiring checks:
+     - command/mode visibility by feature flag
+     - connect mode routing and handler call.
+   - Non-streaming/structured guard check:
+     - confirm backend-only behavior unchanged.
+
+10. **Validation and cleanup decision for temporary script**
+   - Run targeted tests/typechecks for touched packages.
+   - Run OAuth validation script in manual mode (with your account interaction if needed).
+   - Decide and apply final disposition of temporary script:
+     - keep as dev utility, or
+     - remove before finalization.
+
+11. **Security/redaction verification**
+   - Validate no token values are logged in direct feature code paths.
+   - Grep/check for accidental logging of authorization headers, token payload fields, or raw callback query params.
+
+## Dependencies / Ordering
+- Step 1 must be first.
+- Step 2 must run before deep integration (early protocol validation gate).
+- Step 3 precedes Steps 5–7.
+- Step 4 can run in parallel with Step 3 after constants/util setup.
+- Step 5 must precede Step 6.
+- Step 8 can be implemented alongside Steps 5–6 but must complete before final validation.
+- Step 9 follows core implementation completion.
+- Steps 10–11 are final validation/cleanup/security passes.
+
+## Risk Areas
+1. **Unofficial OAuth contract drift** — endpoint/field incompatibility can break token exchange.
+2. **Direct payload compatibility** — strict sanitization must retain required OpenAI fields.
+3. **Error classification correctness** — misclassification can violate requested fallback policy.
+4. **Model normalization accuracy** — wrong mapping yields avoidable provider failures.
+5. **Token redaction** — avoid leakage in logs, errors, or analytics payloads.
+6. **Streaming boundary behavior** — fallback must not happen after partial output is emitted.