feat: replace provider layer with Google Genkit Go SDK

[intel352]

Summary

• Replace all 12+ hand-rolled provider implementations (Anthropic, OpenAI, Gemini, Ollama, Copilot, OpenRouter, Cohere, HuggingFace, llama.cpp, Bedrock, Vertex, Azure) with Google Genkit Go SDK v1.6.0 adapters
• New genkit/ package: adapter, type conversion, factory functions — Genkit is an internal implementation detail
• provider.Provider interface unchanged — executor, ratchet-cli, mesh, orchestrator all work without modification
• ProviderRegistry factories updated to call Genkit-backed constructors
• Deleted ~25 provider files (~3000+ lines of hand-rolled HTTP/SDK code)
• Fixed TOCTOU race in ProviderRegistry cache (concurrent cold-start)
• Fixed credentialsJSON passthrough for VertexAI provider

What's Kept

• provider/provider.go (interface + types)
• provider/models.go, provider/auth_modes.go
• provider/llama_cpp_download.go (utility)
• All test providers (test_provider*.go)
• executor/ package (unchanged)
• tools/ package (unchanged)
• orchestrator/ (factory functions updated)

What's Gained

• Unified SDK for all providers (Genkit handles auth, streaming, format conversion)
• Built-in tracing/observability via Genkit dev UI
• MCP client/server support
• Structured output (GenerateData[T]()) available for future use
• Fewer direct dependencies (SDKs become transitive via Genkit)

Test plan

• go build ./... passes
• All 12 test packages pass
• Spec review: all 8 checks pass (interface stable, thinking traces, llama_cpp_download preserved)
• Code review: TOCTOU race and credentialsJSON fixes applied
• Manual: test with real Anthropic/OpenAI/Ollama API keys end-to-end

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR migrates the agent’s provider implementation layer from multiple hand-rolled SDK/HTTP integrations to a unified set of Genkit Go SDK adapters, while keeping the existing provider.Provider interface stable for the rest of the codebase.

Changes:

• Introduces a new genkit/ package implementing provider.Provider via Genkit plugins (plus unit + integration tests).
• Updates provider registries and module factories to construct Genkit-backed providers and fixes a ProviderRegistry cache TOCTOU race.
• Removes legacy provider implementations/tests and replaces Ollama “utility” operations (list/pull/health) with a dedicated OllamaClient.

Reviewed changes

Copilot reviewed 43 out of 44 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
step_model_pull.go	Switches Ollama model pull/list to provider.OllamaClient.
provider/openrouter.go	Removes legacy OpenRouter provider implementation.
provider/openrouter_test.go	Removes legacy OpenRouter provider tests.
provider/openai.go	Removes legacy OpenAI provider implementation.
provider/openai_convert.go	Removes legacy OpenAI conversion/helpers.
provider/openai_azure.go	Removes legacy Azure OpenAI provider implementation.
provider/openai_azure_test.go	Removes legacy Azure OpenAI provider tests.
provider/ollama.go	Removes legacy Ollama provider implementation.
provider/ollama_test.go	Removes legacy Ollama provider tests.
provider/ollama_convert.go	Removes legacy Ollama conversion/helpers.
provider/ollama_convert_test.go	Removes legacy Ollama conversion tests.
provider/ollama_client.go	Adds Ollama utility client (pull/list/health).
provider/models.go	Moves/shared model-listing constants and updates Ollama model listing to use OllamaClient; adds Gemini model listing via genai SDK.
provider/llama_cpp.go	Removes legacy llama.cpp provider implementation.
provider/llama_cpp_test.go	Removes legacy llama.cpp provider tests.
provider/gemini.go	Removes legacy Gemini provider implementation.
provider/gemini_test.go	Removes legacy Gemini provider tests.
provider/copilot.go	Removes legacy Copilot provider implementation.
provider/copilot_test.go	Removes legacy Copilot provider tests.
provider/copilot_models.go	Removes legacy GitHub Models provider implementation.
provider/copilot_models_test.go	Removes legacy GitHub Models provider tests.
provider/cohere.go	Removes legacy Cohere provider implementation.
provider/anthropic.go	Removes legacy Anthropic provider implementation (direct API).
provider/anthropic_vertex.go	Removes legacy Anthropic Vertex provider implementation.
provider/anthropic_vertex_test.go	Removes legacy Anthropic Vertex provider tests.
provider/anthropic_foundry.go	Removes legacy Anthropic Foundry provider implementation.
provider/anthropic_foundry_test.go	Removes legacy Anthropic Foundry provider tests.
provider/anthropic_convert_test.go	Removes legacy Anthropic conversion tests.
provider/anthropic_bedrock_convert.go	Restores defaultAnthropicMaxTokens constant needed by remaining Bedrock codepaths.
provider_registry.go	Updates agent-level ProviderRegistry factories to use Genkit-backed constructors.
orchestrator/provider_registry.go	Updates orchestrator ProviderRegistry factories to use Genkit-backed constructors; fixes TOCTOU cache race.
module_provider.go	Updates agent.provider module to use Genkit-backed constructors.
genkit/genkit.go	Adds Genkit instance helper.
genkit/providers.go	Adds Genkit-backed provider factory functions (Anthropic/OpenAI/GoogleAI/Ollama/OpenAI-compatible/Azure/Foundry/Vertex/Bedrock wrapper).
genkit/providers_test.go	Adds unit tests for Genkit provider factory validation.
genkit/convert.go	Adds provider↔Genkit message/stream conversion.
genkit/convert_test.go	Adds unit tests for conversion logic.
genkit/adapter.go	Adds provider.Provider adapter over Genkit Generate/GenerateStream (tool support, usage, thinking).
genkit/adapter_test.go	Adds adapter tests using in-memory Genkit models.
genkit/integration_test.go	Adds opt-in (integration build tag) end-to-end tests against real provider APIs.
go.mod	Adds Genkit dependency and adjusts transitive deps.
go.sum	Updates dependency checksums for Genkit and transitives.
docs/plans/2026-04-05-genkit-provider-migration.md	Adds implementation plan doc for the migration.
docs/plans/2026-04-05-genkit-provider-migration-design.md	Adds design doc for the migration.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

NewVertexAIProvider writes credentials JSON to a temp file and sets GOOGLE_APPLICATION_CREDENTIALS globally, but never removes the temp file nor restores the prior env var. This can leak service-account credentials on disk and introduces cross-request races when multiple providers are created concurrently in the same process. Prefer passing credentials to the underlying client/plugin without mutating process env; if that’s not possible, guard the env var change with a mutex, restore the previous value, and ensure the temp file is deleted when no longer needed (including on error paths).

[Copilot]

The factory functions build modelName as "<provider>/" + model without applying the prior defaulting behavior (e.g., OpenAI default model, Anthropic default model). Since module and DB schemas allow model to be empty (default ''), this can produce invalid model names like openai/ and fail at runtime. Consider preserving existing defaults inside these factories when model is empty to maintain backward compatibility.

[Copilot]

Module provider creation also uses context.Background() for Genkit provider factories. This prevents module users from passing cancellation/deadline semantics into any initialization work performed by the Genkit plugins. Prefer using a context associated with the module lifecycle (or at minimum TODO/option to supply one) rather than hard-coding context.Background().

[Copilot]

Tool request conversion currently sets ToolCall.ID and ToolCall.Name both to part.ToolRequest.Name. This loses any per-call identifier and makes multiple tool calls to the same tool indistinguishable (and tool results will all reuse the same ToolCallID). If Genkit provides a distinct call ID, map it into ToolCall.ID and keep the tool name in ToolCall.Name; otherwise generate a stable unique ID per tool request and ensure the corresponding tool result messages map back correctly.

[Copilot]

resolveToolRefs defines tools via gk.DefineTool using an input map[string]any handler, but it doesn’t incorporate provider.ToolDef.Parameters (JSON Schema). As a result, the model may not receive the expected parameter schema for tool calling, which can break or degrade tool-call generation. Consider defining tools with an explicit schema (or using a typed input struct) so tool parameters are communicated accurately to Genkit/underlying providers.

[Copilot]

Pull request overview

Copilot reviewed 44 out of 45 changed files in this pull request and generated 12 comments.

Comments suppressed due to low confidence (1)

provider_registry.go:202

• createAndCache writes to the cache unconditionally after provider creation, so concurrent cold-starts can race and initialize the same provider multiple times (and the last write wins). The orchestrator registry addresses this with a re-check under the write lock; consider applying the same pattern (or singleflight) here to avoid duplicate Genkit/plugin initialization under load.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Tool-call identity is not preserved across turns: assistant tool requests are created with ToolRequest.Name=tc.Name (tc.ID is discarded), but tool results are encoded as ToolResponse.Name=m.ToolCallID. Since ToolCallID is later set to tc.ID (currently generated UUIDs), the tool response won't match the original tool request, breaking multi-turn tool calling. Align the identifier used in ToolRequest/ToolResponse (and preserve the provider.ToolCall.ID across conversions) so tool results can be correlated to the right request.

Suggested change

	parts = append(parts, ai.NewToolRequestPart(&ai.ToolRequest{
	Name: tc.Name,
	toolCallName := tc.Name
	if tc.ID != "" {
	toolCallName = tc.ID
	}
	parts = append(parts, ai.NewToolRequestPart(&ai.ToolRequest{
	Name: toolCallName,

[Copilot]

When an assistant message includes ToolCalls, the text Content is dropped entirely (only ToolRequest parts are emitted). The executor records assistant Content alongside ToolCalls, so dropping it changes the conversation history and can affect model behavior. Preserve any non-empty assistant Content by emitting a text part in addition to tool-request parts (matching the behavior of the previous provider conversions).

[Copilot]

Tool results are always wrapped as {result: <string>}. In this codebase, executor tool results are typically JSON-encoded strings (or error strings), so double-wrapping can distort the intended structure presented to the model. Consider attempting to JSON-decode Message.Content first (use the decoded value as ToolResponse.Output when valid), and only fall back to a string wrapper when decoding fails.

[Copilot]

Stream() emits tool_call events from chunks (via fromGenkitChunk) and then emits tool_call events again at Done by converting the final response. Because tool-call IDs are generated during conversion, the Done-phase tool_call IDs won't match earlier tool_call events and can also cause duplicate execution downstream. Prefer emitting tool_call events from a single source (either incremental chunks or final response) and ensure IDs are stable across the stream.

Suggested change

	// Extract final response for tool calls and usage
	if result.Response != nil {
	final := fromGenkitResponse(result.Response)
	for i := range final.ToolCalls {
	tc := final.ToolCalls[i]
	ch <- provider.StreamEvent{Type: "tool_call", Tool: &tc}
	}
	// Tool calls are emitted from incremental chunks only.
	// On Done, only emit usage metadata to avoid duplicate tool_call
	// events with unstable IDs from final response conversion.
	if result.Response != nil {
	final := fromGenkitResponse(result.Response)

[Copilot]

The default model constants differ from the previous provider implementations (e.g., Anthropic default was claude-sonnet-4-20250514, Gemini default was gemini-2.0-flash). This changes runtime behavior for configs that omit Model. If the goal is a drop-in replacement, keep defaults aligned with the old providers (or document the behavior change explicitly).

Suggested change

	defaultAnthropicModel = "claude-sonnet-4-6"
	defaultOpenAIModel = "gpt-4o"
	defaultGeminiModel = "gemini-2.5-flash"
	defaultAnthropicModel = "claude-sonnet-4-20250514"
	defaultOpenAIModel = "gpt-4o"
	defaultGeminiModel = "gemini-2.0-flash"

[Copilot]

The default baseURL for copilot_models is set to https://models.inference.ai.azure.com, but the model-listing path (provider.ListModels) defaults copilot_models to https://models.github.ai/inference. These should match; otherwise copilot_models will point at a different endpoint depending on which code path is used. Update the default baseURL here to the intended GitHub Models endpoint (or adjust both places consistently).

Suggested change

	baseURL = "https://models.inference.ai.azure.com"
	baseURL = "https://models.github.ai/inference"

[Copilot]

Provider initialization uses context.TODO() because ModuleFactory doesn’t receive a context. This prevents cancellation/timeouts during provider setup and can hang module loading if initialization blocks (e.g., auth discovery). Prefer threading a real context from module Start()/wiring, or at minimum use context.Background() and document the expected lifecycle/timeout behavior.

[Copilot]

llama_cpp is wired through NewOpenAICompatibleProvider with BaseURL passed through unchanged. If cfg.BaseURL is empty, the provider will be initialized without a usable endpoint. Add a default base URL for llama_cpp when none is provided (matching previous llama.cpp provider defaults) or return a validation error early.

Suggested change

	return gkprov.NewOpenAICompatibleProvider(ctx, "llama_cpp", "", cfg.Model, cfg.BaseURL, cfg.MaxTokens)
	baseURL := cfg.BaseURL
	if baseURL == "" {
	baseURL = "http://127.0.0.1:8080/v1"
	}
	return gkprov.NewOpenAICompatibleProvider(ctx, "llama_cpp", "", cfg.Model, baseURL, cfg.MaxTokens)

[Copilot]

These ProviderRegistry factories pass user-configured BaseURL values into Genkit providers without validating them. The repo has SSRF protections via provider.ValidateBaseURL (https-only + blocks private/internal IPs) used in other code paths. Apply the same validation here for remote providers (e.g., anthropic/openai/openrouter/copilot) before creating the provider, and return an error when invalid.

[Copilot]

The post-create cache re-check avoids overwriting the cache entry, but it still allows multiple goroutines to concurrently create a provider on cold start (all but one instance are discarded). If provider creation is expensive (Genkit init, auth discovery), consider using a per-alias singleflight (or store a promise/future in the cache) so only one initialization runs per alias.