feat(api): remove startup panics from provider constructors

AGENTS.md forbids `.expect()` on fallible production paths. Provider
constructors previously inlined
  `reqwest::Client::builder().timeout(...).build()
      .expect("failed to build reqwest client")`
which crashes the whole process on rare TLS init failures.

New shared helper providers/http_util::build_default_http_client
centralises the timeout-customised reqwest client build and returns a
structured ProviderError on failure. Eight provider constructors
adopt it and now return Result<Self, ProviderError>:
  * AnthropicProvider::from_config
  * OpenAiProvider::new
  * CodexProvider::new + from_stored
  * AzureProvider::new + from_env
  * CopilotProvider::new + from_env
  * CohereProvider::new + from_env
  * MinimaxProvider::new
And BedrockProvider::from_env propagates via `?`.

registry.rs adapts via a small `lift` helper that logs the error and
returns None, plus per-site `.ok().map(Arc::new)` chains. The
"provider unavailable" path was already supported by every downstream
caller (Option<Arc<dyn LlmProvider>>), so the worst-case behaviour is
the same provider degrading silently instead of crashing the process.

OpenAiCompatProvider::new stays infallible (it has ~30 call sites in
openai_compat_providers.rs that build per-provider helpers); it falls
back to reqwest::Client::new() with a tracing warning when the
timeout-customised build fails, which keeps long-running streams
working with reqwest's defaults instead of panicking.

cargo test --workspace: 1523 passing, 0 failing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: BunsDev

src-rust/crates/api/src/providers/anthropic.rs

@@ -47,13 +47,20 @@ impl AnthropicProvider {
     }
 
     /// Construct directly from a [`ClientConfig`], creating the inner client.
-    pub fn from_config(config: ClientConfig) -> Self {
-        let client = AnthropicClient::new(config)
-            .expect("AnthropicProvider::from_config: failed to create AnthropicClient");
-        Self {
+    /// Returns an error when the underlying HTTP client cannot be built (e.g.
+    /// TLS init failure); callers should treat that as "provider unavailable"
+    /// rather than letting the process crash.
+    pub fn from_config(config: ClientConfig) -> Result<Self, ProviderError> {
+        let client = AnthropicClient::new(config).map_err(|e| ProviderError::Other {
+            provider: ProviderId::new(ProviderId::ANTHROPIC),
+            message: format!("failed to create AnthropicClient: {e}"),
+            status: None,
+            body: None,
+        })?;
+        Ok(Self {
             client: Arc::new(client),
             id: ProviderId::new(ProviderId::ANTHROPIC),
-        }
+        })
     }
 
     /// Build a [`CreateMessageRequest`] from a [`ProviderRequest`].

src-rust/crates/api/src/providers/azure.rs

@@ -41,19 +41,16 @@ pub struct AzureProvider {
 }
 
 impl AzureProvider {
-    pub fn new(resource_name: String, api_key: String) -> Self {
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
-
-        Self {
-            id: ProviderId::new(ProviderId::AZURE),
+    pub fn new(resource_name: String, api_key: String) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::AZURE);
+        let http_client = crate::providers::http_util::build_default_http_client(&id)?;
+        Ok(Self {
+            id,
             resource_name,
             api_key,
             api_version: "2024-08-01-preview".to_string(),
             http_client,
-        }
+        })
     }
 
     pub fn with_api_version(mut self, version: String) -> Self {
@@ -66,7 +63,9 @@ impl AzureProvider {
         let resource = std::env::var("AZURE_RESOURCE_NAME").ok()?;
         let version =
             std::env::var("AZURE_API_VERSION").unwrap_or_else(|_| "2024-08-01-preview".to_string());
-        Some(Self::new(resource, key).with_api_version(version))
+        Self::new(resource, key)
+            .ok()
+            .map(|p| p.with_api_version(version))
     }
 
     fn endpoint_url(&self, deployment: &str) -> String {

src-rust/crates/api/src/providers/bedrock.rs

@@ -54,10 +54,8 @@ impl BedrockProvider {
             .or_else(|_| std::env::var("AWS_DEFAULT_REGION"))
             .unwrap_or_else(|_| "us-east-1".to_string());
 
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
+        let id = ProviderId::new(ProviderId::AMAZON_BEDROCK);
+        let http_client = crate::providers::http_util::build_default_http_client(&id).ok()?;
 
         // Bearer token takes priority over SigV4 credentials.
         if let Ok(token) = std::env::var("AWS_BEARER_TOKEN_BEDROCK") {

src-rust/crates/api/src/providers/codex.rs

@@ -52,26 +52,24 @@ pub struct CodexProvider {
 }
 
 impl CodexProvider {
-    pub fn new(tokens: CodexTokens) -> Self {
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
-
-        Self {
-            id: ProviderId::new(ProviderId::CODEX),
+    pub fn new(tokens: CodexTokens) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::CODEX);
+        let http_client = crate::providers::http_util::build_default_http_client(&id)?;
+        Ok(Self {
+            id,
             http_client,
             tokens: Arc::new(Mutex::new(tokens)),
-        }
+        })
     }
 
-    /// Construct from stored tokens; returns `None` if no tokens are saved.
+    /// Construct from stored tokens; returns `None` if no tokens are saved or
+    /// if the HTTP client could not be built.
     pub fn from_stored() -> Option<Self> {
         let tokens = get_codex_tokens()?;
         if tokens.access_token.is_empty() {
             return None;
         }
-        Some(Self::new(tokens))
+        Self::new(tokens).ok()
     }
 
     // -----------------------------------------------------------------------

src-rust/crates/api/src/providers/cohere.rs

@@ -40,26 +40,24 @@ pub struct CohereProvider {
 
 impl CohereProvider {
     /// Create a new CohereProvider with the given API key.
-    pub fn new(api_key: String) -> Self {
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
-
-        Self {
-            id: ProviderId::new(ProviderId::COHERE),
+    pub fn new(api_key: String) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::COHERE);
+        let http_client = crate::providers::http_util::build_default_http_client(&id)?;
+        Ok(Self {
+            id,
             api_key,
             http_client,
-        }
+        })
     }
 
     /// Construct from the `COHERE_API_KEY` environment variable.
-    /// Returns `None` if the variable is absent or empty.
+    /// Returns `None` if the variable is absent, empty, or the HTTP client
+    /// could not be built.
     pub fn from_env() -> Option<Self> {
         std::env::var("COHERE_API_KEY")
             .ok()
             .filter(|k| !k.is_empty())
-            .map(Self::new)
+            .and_then(|k| Self::new(k).ok())
     }
 
     // -----------------------------------------------------------------------

src-rust/crates/api/src/providers/copilot.rs

@@ -50,21 +50,20 @@ pub struct CopilotProvider {
 }
 
 impl CopilotProvider {
-    pub fn new(token: String) -> Self {
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
-
-        Self {
-            id: ProviderId::new(ProviderId::GITHUB_COPILOT),
+    pub fn new(token: String) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::GITHUB_COPILOT);
+        let http_client = crate::providers::http_util::build_default_http_client(&id)?;
+        Ok(Self {
+            id,
             token,
             http_client,
-        }
+        })
     }
 
     pub fn from_env() -> Option<Self> {
-        std::env::var("GITHUB_TOKEN").ok().map(Self::new)
+        std::env::var("GITHUB_TOKEN")
+            .ok()
+            .and_then(|t| Self::new(t).ok())
     }
 
     fn base_url() -> &'static str {

src-rust/crates/api/src/providers/http_util.rs

@@ -0,0 +1,51 @@
+// providers/http_util.rs — shared HTTP-client construction helpers for
+// provider adapters.
+//
+// Every provider needs a `reqwest::Client` with a long timeout (LLM calls
+// routinely run >60s). Before this module each constructor inlined
+// `Client::builder().timeout(...).build().expect("...")` which panicked
+// at startup on TLS-init failures. AGENTS.md forbids `.expect()` on
+// fallible production paths, so we centralize the build here and return
+// a structured `ProviderError` instead.
+
+use std::time::Duration;
+
+use claurst_core::provider_id::ProviderId;
+
+use crate::provider_error::ProviderError;
+
+/// Default timeout applied to every provider HTTP client. LLM streaming
+/// responses can take well over a minute; ten minutes is the standard
+/// upper bound across the adapters in this crate.
+pub const DEFAULT_PROVIDER_TIMEOUT: Duration = Duration::from_secs(600);
+
+/// Build a default `reqwest::Client` for a provider adapter, propagating
+/// any builder failure as a structured [`ProviderError::Other`] so the
+/// registry can skip the provider instead of crashing the process.
+pub fn build_default_http_client(provider: &ProviderId) -> Result<reqwest::Client, ProviderError> {
+    reqwest::Client::builder()
+        .timeout(DEFAULT_PROVIDER_TIMEOUT)
+        .build()
+        .map_err(|e| ProviderError::Other {
+            provider: provider.clone(),
+            message: format!("failed to build HTTP client: {e}"),
+            status: None,
+            body: None,
+        })
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn build_default_http_client_succeeds_for_well_known_provider() {
+        // Under normal conditions the reqwest builder succeeds; the test
+        // primarily guards against a regression in the timeout arg or the
+        // ProviderError mapping.
+        let pid = ProviderId::new("test");
+        let client = build_default_http_client(&pid).expect("client must build");
+        // Smoke-check: the client is usable.
+        let _ = client.get("http://127.0.0.1:1").build();
+    }
+}

src-rust/crates/api/src/providers/minimax.rs

@@ -29,27 +29,35 @@ pub struct MinimaxProvider {
 }
 
 impl MinimaxProvider {
-    pub fn new(api_key: String) -> Self {
+    pub fn new(api_key: String) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::MINIMAX);
         let api_base = std::env::var("MINIMAX_BASE_URL")
             .unwrap_or_else(|_| "https://api.minimax.io/anthropic".to_string());
         let mut headers = header::HeaderMap::new();
-        headers.insert(
-            "X-Api-Key",
-            header::HeaderValue::from_str(&api_key)
-                .expect("unable to parse api key for http header"),
-        );
+        let header_value =
+            header::HeaderValue::from_str(&api_key).map_err(|e| ProviderError::AuthFailed {
+                provider: id.clone(),
+                message: format!(
+                    "API key contains characters that cannot be sent in an HTTP header: {e}"
+                ),
+            })?;
+        headers.insert("X-Api-Key", header_value);
         let http_client = Client::builder()
             .default_headers(headers)
             .timeout(std::time::Duration::from_secs(600))
             .build()
-            .expect("MinimaxProvider: failed to build HTTP client");
-
-        Self {
+            .map_err(|e| ProviderError::Other {
+                provider: id.clone(),
+                message: format!("failed to build HTTP client: {e}"),
+                status: None,
+                body: None,
+            })?;
+        Ok(Self {
             http_client,
             api_key,
             api_base,
-            id: ProviderId::new(ProviderId::MINIMAX),
-        }
+            id,
+        })
     }
 
     fn build_request(request: &ProviderRequest) -> CreateMessageRequest {

src-rust/crates/api/src/providers/mod.rs

@@ -1,6 +1,7 @@
 pub mod anthropic;
 pub use anthropic::AnthropicProvider;
 
+pub(crate) mod http_util;
 pub(crate) mod message_normalization;
 pub(crate) mod request_options;
 

src-rust/crates/api/src/providers/openai.rs

@@ -49,19 +49,16 @@ pub struct OpenAiProvider {
 }
 
 impl OpenAiProvider {
-    pub fn new(api_key: String) -> Self {
-        let http_client = reqwest::Client::builder()
-            .timeout(std::time::Duration::from_secs(600))
-            .build()
-            .expect("failed to build reqwest client");
-
-        Self {
-            id: ProviderId::new(ProviderId::OPENAI),
+    pub fn new(api_key: String) -> Result<Self, ProviderError> {
+        let id = ProviderId::new(ProviderId::OPENAI);
+        let http_client = crate::providers::http_util::build_default_http_client(&id)?;
+        Ok(Self {
+            id,
             name: "OpenAI".to_string(),
             base_url: "https://api.openai.com".to_string(),
             api_key,
             http_client,
-        }
+        })
     }
 
     /// Override the API base URL (e.g. for Azure, Ollama, or other compatible