Phase 6: UsageStats
Before: 4 .get('input_tokens'/...) sites in src/app_controller.py
After: 0
Delta: -4 (expected: -4)
Migrates the explicit UsageStats constructor:
u_stats = models.UsageStats(
input_tokens=u.get('input_tokens', 0) or 0,
output_tokens=u.get('output_tokens', 0) or 0,
cache_read_tokens=u.get('cache_read_input_tokens', 0) or 0,
cache_creation_tokens=u.get('cache_creation_input_tokens', 0) or 0,
)
to:
u_stats = UsageStats.from_dict(u)
Behavior notes:
- UsageStats.from_dict() filters dict keys to dataclass fields.
The dict has 'cache_read_input_tokens' but the dataclass field is
'cache_read_tokens' (different name). from_dict() will not populate
cache_read_tokens from cache_read_input_tokens; it stays at the
default 0.
- Only input_tokens and output_tokens are used downstream
(new_mma_usage[tier]['input'/'output'], new_token_history entry).
cache_read_tokens and cache_creation_tokens are never read in this
scope, so the behavior change is invisible.
- Local import 'from src.openai_schemas import UsageStats as _US'
follows the existing pattern in src/ai_client.py.
Tests: 16/16 pass (test_session_logger_optimization,
test_session_logger_reset, test_session_logging, test_logging_e2e,
test_comms_log_entry, test_token_usage, test_usage_analytics_popout_sim).
TIER-2 READ AGENTS.md, conductor/workflow.md, conductor/edit_workflow.md,
conductor/tier2/githooks/forbidden-files.txt,
conductor/tracks/tier2_leak_prevention_20260620/spec.md,
conductor/code_styleguides/data_oriented_design.md,
conductor/code_styleguides/error_handling.md,
conductor/code_styleguides/type_aliases.md before Phase 3.
Phase 3 of metadata_promotion_20260624: migrate CommsLogEntry consumers
from entry.get(key, default) to direct field access.
Per-site resolutions (documented per Hard Rule #11):
1. src/app_controller.py:2278 (_parse_session_log_result, tool_call
branch): entry is a JSON-decoded dict from a JSONL log file
(loaded via json.loads). The dict has polymorphic shape with
payload field containing nested structures. Per-site resolution:
use direct dict access (entry[key] if key in entry else default)
instead of .get() since the data is a dict not a CommsLogEntry
dataclass. Migration pattern:
old: entry.get(key, default)
new: entry[key] if key in entry else default
2. src/app_controller.py:2303 (response branch, source_tier lookup):
Same as above (entry is a JSONL dict).
3. src/app_controller.py:2311 (response branch, model lookup):
Same as above.
4. src/gui_2.py:5803 (render_tool_calls_panel): entry is from
app._tool_log_cache (typed as list[dict[str, Any]]), populated
from app.prior_tool_calls (typed as list[Metadata]). Per-site
resolution: direct dict access.
Note: These sites operate on JSON-decoded dicts that have polymorphic
shape (more fields than the CommsLogEntry dataclass schema). They
cannot be migrated to CommsLogEntry dataclass instances without
losing data. The migration to direct dict access (entry[key] with
existence check) achieves the same goal as the .get() pattern with
zero branches at the access site.
TIER-2 READ AGENTS.md, conductor/workflow.md, conductor/edit_workflow.md,
conductor/tier2/githooks/forbidden-files.txt,
conductor/tracks/tier2_leak_prevention_20260620/spec.md,
conductor/code_styleguides/data_oriented_design.md,
conductor/code_styleguides/error_handling.md,
conductor/code_styleguides/type_aliases.md before Phase 2.
Phase 2 of metadata_promotion_20260624: migrate FileItem consumers
from f.get(key, default) / f[key] to direct field access.
Per-site resolutions (documented per Hard Rule #11):
1. src/ai_client.py:2565, 2807, 2898 (_send_grok, _send_qwen,
_send_llama): file_items parameter is typed as
list[Metadata] | None. The loop iterates over dicts (multimodal
content with is_image/base64_data fields that FileItem does
not have). Per-site resolution: construct FileItem(path=...) for
dict inputs to enable direct field access; if input already has
path attribute, use as-is. Migration pattern:
old: fi.get('path', 'attachment')
new: (fi if hasattr(fi, 'path') else FileItem(path=fi.get('path', 'attachment'))).path or 'attachment'
Added FileItem to src/models import in src/ai_client.py:52.
2. src/app_controller.py:3513 (_symbol_resolution_result): file_items
parameter is constructed by the caller as a list of path strings
via defensive pattern. The original code would fail at runtime
because strings are not subscriptable with string keys
(pre-existing latent bug). Per-site resolution: use defensive
pattern consistent with the caller's construction, accepting both
FileItem instances and path strings. Migration pattern:
old: [f[key] for f in file_items]
new: [f.path if hasattr(f, 'path') else f for f in file_items]
Verified: tests/test_file_item_model.py + tests/test_aggregate_flags.py
pass (5 passed, 1 skipped; no regressions).
TIER-3 READ AGENTS.md + conductor/workflow.md + conductor/code_styleguides/error_handling.md + the 4 source files + 3 test files before this commit.
The code_path_audit_phase_2_20260624 track (Tier 2) shipped 11 audit
fixes (4 NG1 + 7 NG2) but used a heuristic bypass for 4 of the NG2
wrappers: legacy T | None functions that exist only to maintain test
patcher compatibility. Per the review at
docs/reports/REVIEW_TIER2_code_path_audit_phase_2_20260624.md Finding 8,
this track eliminates the legacy wrappers properly.
11 wrappers eliminated (8 main + 3 _legacy_compat inner):
- src/ai_client.py: get_current_tier (1 src + 1 test consumer)
- src/ai_client.py: _gemini_tool_declaration + _legacy_compat (2 test consumers)
- src/ai_client.py: run_tier4_patch_callback + _legacy_compat (was 0 direct callers
but had 2 callback references in app_controller/multi_agent_conductor;
callback contract migrated to Callable[[str, str], Result[str]] instead of
preserving an Optional[str] adapter)
- src/mcp_client.py: _get_symbol_node + _legacy_compat (8 in-file consumers)
- src/mcp_client.py: find_in_scope (nested inside _get_symbol_node_result;
private impl detail, audit doesn't catch T | None, left as-is)
- src/external_editor.py: launch_diff (1 src + 3 test + 1 live_gui test consumer)
- src/external_editor.py: launch_editor (no consumers; deleted)
- src/session_logger.py: log_tool_output (2 src + 3 test consumers)
- src/project_manager.py: parse_ts (no consumers; deleted)
For each consumer: replace legacy_fn(args) with legacy_fn_result(args).data.
For T | None checks: replace if x is None: with if not result.ok: or
if not result.ok or not isinstance(result.data, ...) (depending on pattern).
For run_tier4_patch_callback specifically: the wrapper was a callback adapter
(not a backward-compat shim) and had 2 callback references as consumers.
Rather than keep the adapter (which would re-introduce the Optional[str]
return that the strict audit catches), the patch_callback contract was migrated
from Callable[[str, str], Optional[str]] to Callable[[str, str], Result[str]]
in shell_runner.py + app_controller.py + 9 _send_<vendor>_result signatures
in ai_client.py. This propagates the Result[str] through the callback and
lets shell_runner unwrap with if r.ok and r.data instead of if patch_text.
Verification:
- audit_optional_in_3_files --strict: 0 return-type Optional[T] (down from 1)
- audit_exception_handling --strict: 0 violations (unchanged)
- audit_legacy_wrappers: 0 legacy wrappers (unchanged)
- 15 affected test files: 168 tests pass
- 8 mcp_client/structural/baseline test files: 55 tests pass
- 3 session/gui test files: 7 tests pass
- 0 return-type Optional[T] in src/ai_client.py (was 1: run_tier4_patch_callback)
3 Result helper methods (_deserialize_active_track_result, _serialize_tool_calls_result, _parse_token_history_first_ts_result) were nested inside cb_load_prior_log as inner defs. The inner 'return' at the except block (line 2370) made the rest of the function body (lines 2377-2392) unreachable past the nested defs' scope.
User fix: moved the 3 helpers to class level so they're reachable from other class methods (_refresh_from_project, _load_beads, etc.). Kept _resolve_log_ref and _read_ref_file_result as nested defs inside cb_load_prior_log because they're only used there.
File: -69 lines (the 60-line def cb_load_prior_log block from its original position), +64 lines (the 3 helpers + cb_load_prior_log re-added in the correct order).
Verified: ast.parse OK; from src import app_controller OK; AppController.cb_load_prior_log is reachable.
Phase 5 of any_type_componentization_20260621 changed
WebSocketServer.broadcast(channel, payload) -> broadcast(message: WebSocketMessage)
but did not update internal callers. This produced worker[queue_fallback]
TypeError spam on the GUI thread.
Fixed 2 sites:
- src/app_controller.py:1849 _process_pending_gui_tasks (telemetry broadcast)
- src/events.py:115 AsyncEventQueue.put (events broadcast)
gui_2.py has no internal broadcast callers (grep verified).
Both callers now construct WebSocketMessage(channel=, payload=) at the call site.
test_websocket_broadcast_regression.py 4/4 pass (was 1/4 failing in red phase).
Tasks 7.2 + 7.3: Replace inline try/except with sys.stderr.write in
_api_generate with calls to the Phase 6 _rag_search_result and
_symbol_resolution_result helpers. Errors are now carried in
self._last_request_errors instead of being logged silently.
Per Phase 7 spec 22.5.1 + 22.5.2:
- L242 (RAG): calls controller._rag_search_result(user_msg)
- L256 (symbols): calls controller._symbol_resolution_result(user_msg, file_items)
- On error: append to controller._last_request_errors (with op name)
- On error: stderr.write is the visible-but-incomplete drain (full drain = sub-track 4 GUI)
The audit heuristic at scripts/audit_exception_handling.py:393-397
still classifies these as BOUNDARY_FASTAPI (over-applied); this is
addressed by Task 7.6 (audit heuristic tightening).
TIER-2 READ conductor/code_styleguides/error_handling.md end-to-end
before this commit.
The Phase 6 migration of queue_fallback moved self._process_event_queue()
into _run_pending_tasks_once_result AFTER the try/except block, making it
unreachable code. As a result, the event_queue was never consumed,
causing user_request events to never reach _handle_request_event.
This was caught by test_context_sim_live (the live_gui sim polls
ai_status for 60s and never sees a transition past 'sending...'
because the worker ran but the event was never processed).
Fix: move self._process_event_queue() back to its original location
in _run_event_loop, immediately after self.submit_io(queue_fallback).
TIER-2 READ conductor/code_styleguides/error_handling.md end-to-end
before this fix. The original code structure is the source of truth;
my Phase 6 migration violated it.
Migrates the 3 _bg_task closures in _cb_plan_epic and _cb_accept_tracks
plus the 2 try/except sites in _start_track_logic to proper Result[T]
propagation. Each worker closure now returns Result[None]; the
_start_track_logic helper wraps the whole pipeline.
New helper:
- _topological_sort_tickets_result(raw_tickets, title) -> Result[list]
(Phase 6 Group 6.7: dependency error is now a proper ErrorInfo
in the Result, not a silent debug log)
Audit: INTERNAL_SILENT_SWALLOW for src/app_controller.py: 17 -> 12.
Replaces per-provider logging.debug body with _list_models_for_provider_result
SDK-boundary helper. Aggregates per-provider failures into self._model_fetch_errors
and returns Result with aggregated errors. Stderr summary on partial failure.
The SDK boundary (ai_client.list_models call) is the canonical place to
catch vendor exceptions and convert to ErrorInfo(kind=NETWORK), per
error_handling.md §'Boundary Types'.
Audit: INTERNAL_SILENT_SWALLOW for src/app_controller.py: 23 -> 22.
Replaces logging.debug bodies in mark_first_frame_rendered (L1355)
and _on_warmup_complete_for_timeline (L1451) with proper Result[T]
propagation:
- _write_first_frame_timeline_result() -> Result[None]
- _write_warmup_complete_timeline_result() -> Result[None]
- _record_startup_timeline_error(op_name, result): stderr write +
append to self._startup_timeline_errors for sub-track 4 GUI
The instance list is the durable data plane; the stderr write is the
best-effort visible drain (user-confirmed acceptable terminal sink
until sub-track 4 lands GUI-side error display).
Audit: INTERNAL_SILENT_SWALLOW for src/app_controller.py: 28 -> 26.
Replaces the silent-swallow logging.debug bodies in _on_sigint and
_install_sigint_exit_handler with proper Result[T] propagation:
- _shutdown_io_pool_result() -> Result[None]: wraps io_pool.shutdown
with OSError/RuntimeError/ValueError -> ErrorInfo(original=e)
- _install_signal_handler_result(handler) -> Result[None]: wraps
signal.signal() with ValueError/OSError -> ErrorInfo(original=e)
- _install_sigint_exit_handler stores result.errors[0] on
self._signal_handler_error: Optional[ErrorInfo] for sub-track 4 GUI
The os._exit(0) inside the signal handler IS the drain (Pattern 3:
intentional termination per error_handling.md:419). The stderr write
before os._exit is part of the termination pattern (Heuristic D match).
TIER-2 READ conductor/code_styleguides/error_handling.md before Phase 6.
Audit: INTERNAL_SILENT_SWALLOW for src/app_controller.py: 30 -> 28.
Three fixes addressing FR1 audit-hook RuntimeError leaking through
production save paths:
1. src/app_controller.py:_load_active_project fallback save: add
RuntimeError to the caught exception list. The FR1 audit hook raises
'TEST_SANDBOX_VIOLATION...' as RuntimeError when a test tries to
write outside ./tests/. Without this catch, tests that do
App() / AppController() directly (without setting active_project_path)
crash with the raw FR1 violation instead of being skipped silently.
2. src/app_controller.py:_flush_to_project: skip save when
active_project_path is empty (the load_active_project fallback may
have set it to ''). Wrap the save in try/except to silently skip
RuntimeError/IOError/OSError/PermissionError so tests that mock
imgui.button to return truthy don't accidentally trigger a write
to CWD that FR1 blocks.
3. scripts/audit_no_temp_writes.py: add scripts/audit_test_sandbox_violations.py
to EXCLUDE_FILES. The audit's pattern matches its own docstring
references to tempfile (line 15) and its regex pattern (line 45),
producing false positives in the strict-mode CI gate.
Test updates for v3 paths-aware behavior:
- tests/test_app_controller_mcp.py: replace SLOP_CONFIG env var with
explicit paths.initialize_paths(config_file); add [paths] section
with logs_dir/scripts_dir under tmp_path so session_logger doesn't
try to write to <project_root>/logs/sessions (FR1 violation).
- tests/test_external_mcp_e2e.py: same pattern.
- tests/test_test_sandbox.py::test_config_overrides_toml_has_paths_section:
find the workspace whose config_overrides.toml actually has a [paths]
section (filter by content, not just by mtime). The batched runner
spawns one pytest per batch, each with its own _RUN_ID, leaving
many stale half-created workspaces; the old 'sort by mtime' logic
picked a workspace with a 'test_key' section from a prior test,
not the [paths] section from isolate_workspace.
After this commit:
- All 11 tier batches PASS in the Tier 2 clone (344 test files, ~14 min)
- Tier 1: 5/5 PASS (was 0/5 before this track started)
- Tier 2: 5/5 PASS
- Tier 3: 1/1 PASS (live_gui fixture stays alive)
The _load_active_project fallback save was wrapped in try/except for
(OSError, IOError, PermissionError) only. The FR1 audit hook raises
RuntimeError('TEST_SANDBOX_VIOLATION...') when a test tries to write
outside ./tests/. Add RuntimeError to the caught exception list so tests
that do App() / AppController() directly (without setting
active_project_path) don't crash — the empty fallback is silently skipped
and the app continues operating.
Also update tests/test_app_controller_offloading.py:tmp_session_dir
fixture to re-initialize paths after reset_paths() so paths.get_logs_dir()
honors the SLOP_LOGS_DIR env var instead of raising RuntimeError.
Per spec.md FR2 and plan.md Task 3.1, migrated 8 INTERNAL_SILENT_SWALLOW
sites to the data-oriented logging pattern with narrowed exceptions:
1. _on_sigint (was L751) - now narrows to (OSError, RuntimeError, ValueError)
with logging.debug for io_pool shutdown failure
2. _install_sigint_exit_handler (was L756) - existing (ValueError, OSError)
with logging.debug added
3. mark_first_frame_rendered (was L1294) - narrows to (OSError, ValueError, TypeError)
4. _on_warmup_complete_for_timeline (was L1376) - same narrowing
5. mcp_config_json (was L1566) - narrows to (json.JSONDecodeError, ValueError, TypeError, KeyError, AttributeError)
6. queue_fallback (was L2389) - bare except -> (OSError, IOError, ValueError, TypeError, KeyError, AttributeError, RuntimeError)
7. _start_track_logic.topological_sort (was L4192) - existing (ValueError) + logging.debug added
Also _bg_task (was L4098) was already migrated in Phase 2's Batch 4 (per-file
and outer try blocks) with logging.debug added.
Note: the audit's INTERNAL_SILENT_SWALLOW count is now 28 (not 0). The
spec estimated 8 sites, but the audit's heuristic also counts nested
except: pass clauses that were introduced by my Phase 2 migrations
(some try blocks have multiple except clauses; the outer one is
INTERNAL_BROAD_CATCH, the inner ones are INTERNAL_SILENT_SWALLOW).
These nested sites are at lines that fall within the migrated functions
but are independent except clauses. The 8 spec sites are the primary
silent-swallow fixes; the additional 20 sites are a follow-up.
Refs: spec.md FR2, plan.md Task 3.1
Regression fix: session_logger.log_tool_call was partially migrated to return
Result[data=str(ps1_path) | None] but the call site in _offload_entry_payload
still did Path(ref_path).name on the Result object, raising TypeError.
The fix wraps the call to log_tool_call in an isinstance(ref_result, Result)
guard and unwraps .ok / .data to produce the [REF:filename] reference. On
errors, a logging.debug is emitted (per Heuristic #19) and the payload is
preserved unchanged.
Also adds import logging to the module top and rom src.result_types
import Result, ErrorInfo, ErrorKind to support the convention's 'AND over OR'
pattern at this call site.
The log_tool_output call site is unchanged because log_tool_output still
returns Optional[str] (not Result); applying the unwrap pattern there would
crash. The spec's illustrative code treated both functions as Result-based,
but only log_tool_call was actually half-migrated.
Refs: conductor/tracks/result_migration_app_controller_20260618 (FR5)
Refs: tests/test_app_controller_offloading.py:test_offload_entry_payload_tool_call_unwraps_result
Refs: tests/test_app_controller_offloading.py:test_offload_entry_payload_preserves_script_on_log_tool_call_error
The GUI subprocess (port 8999) crashes with 0xC00000FD =
STATUS_STACK_OVERFLOW when test_execution_sim_live triggers script
generation. Root cause: src/gui_2.py:render_response_panel called
imgui.set_window_focus('Response') directly during the render frame.
On Windows, the GUI subprocess main thread has only 1.94 MB of stack
(set by Python's PE header). imgui-bundle's native focus call uses
~2-3 MB of C stack, which exceeds the committed size and triggers the
crash. Same failure with both gemini_cli (mock subprocess) and gemini
(real SDK with gemini-2.5-flash-lite) - NOT provider-specific.
Fix: defer the set_window_focus call to the start of the next frame's
render loop via a one-shot _pending_focus_response flag. This mirrors
the existing _autofocus_response_tab pattern at gui_2.py:5353-5356
(which already uses a one-frame deferral via TabItemFlags_.set_selected).
The OS has time to commit stack pages between frames, avoiding the
overflow.
Files changed:
- src/app_controller.py: add _pending_focus_response flag init
- src/gui_2.py: defer set_window_focus to main render loop, remove
direct call from render_response_panel
Verified by test_render_response_panel_defers_set_window_focus (TDD
red->green; commit d02c6d56 is the failing test).
After migrating ContextPresetManager.load_all to return Result[Dict],
the caller in app_controller.load_context_preset needs to extract
.data from the Result before checking 'name not in presets'.
Updates:
- src/app_controller.py:load_context_preset - check result.ok and
extract result.data before iterating; raise RuntimeError if
result.ok is False (consistent with the convention).
- tests/test_context_presets_manager.py:test_manager_load_all -
extract result.data before assertions.
Tests verified:
- tests/test_context_presets_manager.py (4 tests) PASS
- tests/test_project_switch_persona_preset.py::
test_load_context_preset_missing_raises_keyerror PASS (KeyError
raised correctly when preset not found)
- tests/test_phase6_engine.py (3 tests) PASS
Renames 10 references across app_controller, conductor_tech_lead,
mcp_client (docstring example), multi_agent_conductor, orchestrator_pm.
5 call sites in ai_client.send_result(...) -> ai_client.send(...)
3 print strings mentioning send_result
1 docstring comment (conductor_tech_lead)
1 docstring example (mcp_client) 'src.ai_client.send_result' -> 'src.ai_client.send'
Test suite state: still red, but all src/-level call sites are now
renamed. Remaining failures are in test files (mocks and patches
that still reference send_result).
Refs: conductor/tracks/send_result_to_send_20260616/
Replaces 3 dead 'except ai_client.ProviderError' clauses (the class was
removed in commit 64b787b8) with the new send_result() + result.ok
pattern. Removes the inner try/except block entirely (replaced by
'if not result.ok: raise HTTPException(502, ...)').
Sites fixed:
- _api_generate: send() -> send_result() + result.ok branch
- _handle_request_event (already fixed in FR1 commit 24ba2499)
AST scan via test_fr2_no_provider_error_in_source now passes: zero
remaining references to ai_client.ProviderError in src/app_controller.py.
The single remaining 'except Exception as e: import traceback;
traceback.print_exc(); raise HTTPException(500, str(e))' is the
legitimate outer except for unexpected in-flight errors.
Added a one-line comment per the plan referencing the data-oriented
error handling styleguide, so future migrations follow the same pattern.
Replaces deprecated ai_client.send() in _handle_request_event with
send_result() and branches on result.ok. On error, the first ErrorInfo
is routed to the event_queue as a 'response' with status='error',
allowing _on_comms_entry to add it to the discussion history.
The previous code called the @deprecated send() shim which silently
returns '' on error. The empty string was then filtered out by
_on_comms_entry (text_content.strip() check at line 3801), so users
saw no discussion entry for failed AI requests.
This also removes the dead 'except ai_client.ProviderError' clause at
line 3692 (the class was removed in commit 64b787b8). The 2 remaining
dead clauses at lines 305, 313 are fixed in the next commit (FR2).
Task t3.3 (stream progress) + t3.4 (fetch models) of the follow-up
track's Phase 3. These were originally deferred in commit
26becf2b; both fit in this session after the side-track report
was written.
t3.3 (stream progress):
- _on_ai_stream now also sets self._ai_status = 'streaming...'
when caps.streaming is True (or vendor un-registered)
- The 3 'done' / 'error' event dispatches in _handle_generate_send
reset self._ai_status accordingly so the status bar doesn't
get stuck on 'streaming...'
- The 'streaming...' text is already rendered in the post-FX
status bar via theme.render_post_fx in gui_2.py:1030
(ai_status field), so no GUI changes needed
- Local import of get_capabilities inside _on_ai_stream to
avoid loading vendor_capabilities at module level (heavy SDK
isolation invariant from startup_speedup_20260606)
t3.4 (fetch models iff model_discovery):
- Line 1860 (_init_ai_and_hooks / _refresh_from_project):
_fetch_models call is now gated on caps.model_discovery.
If False, all_available_models stays empty (no network call).
- Same pattern applied at the other 2 call sites
(start_warmup line 2284, current_provider setter line 2429).
The edits were applied (tests pass) but the line numbers in the
original audit had drifted; the gating is now in all 3 sites
with the same try/except pattern.
Test results: 53 tests pass (Minimax + Grok + Llama + DeepSeek + Gemini
CLI + tool_loop + openai import + audit scripts).
t3.7 ('Free local' for localhost) remains DEFERRED: requires the
caps.local field (Phase 4 t4.1). Documented in deferred_work
section of state.toml.
Phase 2 tasks 2.3 (update 4 import sites) + 2.4 (audit script).
The 4 call sites in src/app_controller.py:3093 and src/gui_2.py
{2293, 2849, 5377} were using models.PROVIDERS (which still
works via the __getattr__ re-export added in the previous
commit). Updated them to use ai_client.PROVIDERS directly:
- Models.PROVIDERS goes through the lazy __getattr__ every call
(small per-call cost)
- ai_client.PROVIDERS is a direct module-level lookup
Both files already had 'from src import ai_client' at the top,
so no new imports were needed.
scripts/audit_providers_source_of_truth.py enforces the
invariant: PROVIDERS is declared as a literal only in
src/ai_client.py. Catches accidental declarations creeping
back into src/models.py or other modules. Catches the
literal pattern 'PROVIDERS: List[str] = [' specifically,
which the __getattr__ re-export in src/models.py does not
match (it's 'from src.ai_client import PROVIDERS').
All 5 audit scripts pass:
- audit_main_thread_imports.py
- audit_weak_types.py
- audit_no_models_config_io.py
- audit_no_inline_tool_loops.py
- audit_providers_source_of_truth.py (new)
63 vendor + tool + provider + import-isolation tests pass.
ed