Provider ladder & failover

Providers

Chain: codex → openrouter → anthropic → grok → openai-compatible → ollama → deterministic. Only Codex edits the repo; cloud/local providers return strict JSON plans RiskRadar applies. Lower-trust providers need consent in ask mode. No API keys are ever shown here.

Provider readiness

Provider	Status	Edits repo	Required env
Codex CLI (workspace editor)	unavailable	yes	CODEX_BIN, CODEX_ENABLED
OpenRouter (plan advisor) ★	configured	no	RISKRADAR_LLM_API_KEY, RISKRADAR_AGENT_MODEL
OpenAI-compatible (plan advisor)	configured	no	RISKRADAR_LLM_BASE_URL, RISKRADAR_LLM_API_KEY, RISKRADAR_AGENT_MODEL
Anthropic Claude (plan advisor)	configured	no	RISKRADAR_ANTHROPIC_API_KEY, RISKRADAR_AGENT_MODEL
Grok / xAI (plan advisor)	configured	no	RISKRADAR_GROK_API_KEY, RISKRADAR_AGENT_MODEL
Ollama / local (plan advisor)	configured	no	RISKRADAR_LLM_BASE_URL, RISKRADAR_AGENT_MODEL
Deterministic npm fixer	configured	no	·

Failover controls

Failover modeask = consent before lower-trust providersAllow cloud→cloud failoverAllow local model failoverWhen off, a local model is only used after explicit consent.Require consent before lower-trust provider

Saved to local settings.

Failover consent requests

No failover consent requests yet.

Failover timeline

No provider failover activity recorded yet.