refactor(llm): replace llm library with LiteLLM via pflow-owned adapter

[spinje]

Summary

Replaces Simon Willison's llm library with a pflow-owned adapter (src/pflow/core/llm_client.py) backed by LiteLLM, becoming the single seam for every LLM call in the codebase. Three architectural changes ship together because the migration touches all of them: a typed exception hierarchy with structured discriminators, a diagnostic pipeline integrated through a new llm_failure category, and a tracing redesign that replaces the broken llm.get_model monkey-patch with a shared["__trace_collector__"] save/restore seam.

This PR is pure substrate — caching syntax (the original motivating use case) is deferred to Task 159. The architectural work is independently valuable and warrants its own review attention.

Task

158

Changes

New core modules

• core/llm_client.py — single seam for all LLM calls; complete() returns AdapterResponse
• core/llm_providers.py — canonical provider metadata registry (Anthropic / OpenAI / Gemini); single source of truth for model-name normalization, env-var derivation, reasoning capability detection
• core/llm_reasoning_map.py — provider-neutral reasoning capability detection + map_reasoning_options()

Typed exception hierarchy in core/exceptions.py

• LLMCallError(PflowError) base + 6 subclasses with to_diagnostics() overrides:
  • UnknownModelError(reason="unknown_name" | "missing_prefix")
  • MissingApiKeyError(kind="missing_key" | "lacks_permission")
  • LLMTransientError(kind="timeout" | "rate_limit" | "server_error" | "connection")
  • MissingSdkError(package=...)
  • InvalidRequestError, LLMResponseParseError
• Every instance carries model + provider_message (raw upstream text, distinct from pflow framing)
• Diagnostic pipeline: category="llm_failure", structured _diagnostic_context propagates from exception → shared store → __failures__ → ExecutionResult.errors[i].context

Tracing redesign

• Deleted the llm.get_model monkey-patch and the _active_collectors[thread_id] registry (broken in production — worker thread id never matched main thread id)
• Replaced with shared["__trace_collector__"] save/restore around engine.run's graph walk
• LLMNode reads in prep(), captures trace_hook BEFORE submitting to inner ThreadPoolExecutor
• Free behavior fix: event["llm_prompt"] now actually populates in trace JSON

Performance

• Lazy import litellm inside complete() — keeps non-LLM CLI paths fast (pflow --version, --validate-only, --dry-run, cached runs)
• Engine modules MUST NOT import llm_client.py (architectural rule encoded in runtime/engine/CLAUDE.md)
• CLI startup: 0.27s (was 1.17s mid-migration); make test parallel: ~18-20s (was 55s+ mid-migration)

Other

• Bare model names auto-prefix in two layers: settings CLI at write time + adapter as safety net
• model_options rejects reasoning-shaped keys (forces use of canonical reasoning_effort / reasoning_max_tokens channels)
• Cost from LiteLLM's _hidden_params["response_cost"]; deleted core/llm_pricing.py (188 lines, 41 stale model entries)
• inject_settings_env_vars() added to find.py + mcp.py::find_tools (audit gap caught in independent verification)
• LiteLLM pinned at 1.82.6 (1.83.x hard-pins click==8.1.8 which downgrades pflow's click and breaks 3 tests)

Dependencies

• Removed: llm, llm-anthropic, llm-gemini
• Added: litellm==1.82.6, openai (direct dep — adapter catches openai.OpenAIError, the structural base of LiteLLM's exception hierarchy)

Explanation

Three reasons the migration shipped independently of the caching feature it was originally Phase 0 + Phase A of:

1. llm-anthropic==0.25 blocks caching. The plugin's cache: bool only marks cache_control on attachments / last prior user message. System prompts and first-turn user content (where the savings live) cannot be cached. llm.models.Options is extra="forbid" — no kwarg passthrough. Keeping llm and monkey-patching is fragile across plugin upgrades.
2. LiteLLM is the right substrate. Unified cache_control syntax across Anthropic / Gemini / OpenAI; Ollama and other local-model runtimes still supported; provider pricing data is comprehensive (2,678 entries vs pflow's 41) and per-provider correct (pflow's table had Anthropic-only cache multipliers applied universally).
3. The architectural work is real. Typed exceptions, diagnostic pipeline, tracing redesign are independently valuable and warrant their own review attention before stacking caching on top.

The architectural seal is structural: the adapter catches openai.OpenAIError (the OpenAI SDK base — litellm.exceptions.OpenAIError is a sibling class, not a parent). Past the seal, consumers branch on structured exception attributes (reason, kind, transient_kind), never on message text.

129 files changed, +30,156 / −5,535. Most of the addition is in .taskmaster/tasks/task_158/ documentation (progress log, task review, research notes, spike scripts), the LiteLLM-bundled uv.lock regeneration, and the new test files; the production diff is much smaller.

Created Docs

• .taskmaster/tasks/task_158/task-158.md — task spec
• .taskmaster/tasks/task_158/task-review.md — comprehensive review optimized for future agents (especially Task 159 / caching). Covers integration points, shared store keys + routing rules, 10 architectural decisions with alternatives, 8 gotchas, 10 reusable patterns, 9 anti-patterns, 10 common pitfalls each tied to a real bug caught during review cycles
• .taskmaster/tasks/task_158/implementation/progress-log.md — session-by-session narrative (§25–§41) including 3 rounds of code review, perf-fix pass, end-to-end verification, and the §41 verification-driven inject_settings_env_vars fix
• User-facing docs updated: docs/quickstart.mdx, docs/reference/cli/settings.mdx, docs/reference/nodes/llm.mdx, docs/reference/configuration.mdx, docs/how-it-works/{batch-processing,template-variables}.mdx, docs/guides/debugging.mdx, docs/roadmap.mdx — purged Simon Willison llm library / llm-anthropic plugin references; replaced with LiteLLM provider list and pflow settings set-env paths

Testing

Sacred parity tests (32) green at every commit:

• tests/test_execution/test_plan_drift.py — planner ↔ runtime cost parity invariant

Adapter contract tests (tests/test_core/test_llm_client.py):

• TestAdapterSealContract.test_litellm_exception_wraps_to_typed_pflow_exception — parametrized over 16 LiteLLM exception classes; verifies every classified exception becomes a typed LLMCallError subclass
• TestAdapterSealContract.test_seam_threads_provider_message_to_every_classification — every classification branch threads provider_message=str(exc) to the typed exception
• TestAdapterSealContract.test_unknown_litellm_subclass_wraps_safely — default fallback wraps unknown future classes as InvalidRequestError (deterministic, NOT transient — won't infinite-retry)
• test_real_litellm_exception_provider_message_reaches_runner_diagnostics — full pipeline: real exception → seam → LLMNode → runner → result.errors[i].context.provider_message (5+ layers; regression in any layer fails this test loudly)

Trace seam regression guards (tests/test_runtime/test_trace_integration.py):

• TestLLMTraceHookCapture — trace_hook fires across worker-thread boundary; event["llm_prompt"] populates
• TestSubWorkflowTraceCollector — sub-workflow LLM prompts land in child collector
• TestParallelBatchSubWorkflowTrace — parallel batch + sub-workflow trace isolation

Provider/reasoning regression guards:

• TestSmartFilterMinimizesReasoning — smart_filter routes via reasoning_kwargs (canonical channel), with assert last_call["model_options"] is None regression guard
• test_disable_gemini_3 — effort="none" on Gemini 3 maps to thinking_level=minimal
• test_opus_45_max_tokens_takes_precedence_over_effort — Anthropic Opus 4.5 thinking_effort precedence preserved (load-bearing legacy invariant)

End-to-end manual verification (real APIs across all 3 providers, ~$0.0001 spend):

• Bare-name auto-prefix verified at workflow + adapter layers (gpt-4o-mini → openai/gpt-4o-mini)
• Trace JSON llm_prompt populates end-to-end (verified via --report markdown output)
• cost_usd from LiteLLM rolls up correctly through total_cost_usd; pricing_available tri-state correct
• All 4 typed-exception paths produce structured JSON output with category="llm_failure", error_class, model, reason/kind, provider_message (raw upstream text)
• pflow probe llm works with all 9 stable usage keys
• Sub-workflow LLM cost rollup ($0.0000110 = child + parent verified)
• Parallel batch LLM per-item prompt capture (B11 fix verified — each batch_items[i] has its own llm_prompt)
• pflow find + pflow mcp find work with API keys stored in pflow settings (the §41 fix)

Architectural seal verified:

• grep -rn 'litellm\.exceptions\|^import openai\|^from openai' src/pflow/ returns hits only in core/llm_client.py (the seam)
• grep -rn '^import llm$\|^from llm import' src/pflow/ tests/ returns zero hits
• python -X importtime $(which pflow) --version 2>&1 | grep -c litellm returns 0

Final state: make test 5,380 passed, make check clean (ruff, ruff-format, mypy, deptry).

[gemini-code-assist]

Code Review

This pull request replaces the llm library with a pflow-owned LiteLLM adapter, introduces a typed exception hierarchy for LLM failures, and redesigns the tracing mechanism to use a shared-store save/restore seam. Feedback suggests that specific exception handling in the adapter may be redundant and recommends enhancing the warning propagation logic to support multiple warnings per call.

[gemini-code-assist]

The adapter is designed to catch openai.OpenAIError as the structural base for all LiteLLM exceptions. Catching litellm.exceptions.BadRequestError specifically here might be redundant if the goal is a unified exception handling strategy as described in the module docstring.

[gemini-code-assist]

The implementation assumes a single warning per call. If LiteLLM or the adapter starts producing multiple warnings, only the first one will be captured in __warnings__. Consider if warnings should be appended or joined if multiple exist.

[claude]

Code Review — PR #356 (Task 158: llm → LiteLLM adapter)

Reviewed against the Epistemic Manifesto + CLAUDE.md guidance. Six parallel agents inspected the adapter, exception hierarchy, tracing redesign, CLI plumbing, tests, and security/diff hygiene. Bottom line: the architectural work is solid and ships well. The migration is clean, the trace seam fix is structurally sound (closure capture + save/restore), and the test bar is above average for a refactor of this size. The findings below are cleanup, not blockers.

---

Warnings — should be addressed

1. GOOGLE_API_KEY ↔ GEMINI_API_KEY aliasing leaks wrong remediation

core/llm_config.py:29-33 lists PROVIDER_ENV_VARS with both GEMINI_API_KEY and GOOGLE_API_KEY for Gemini, but the canonical registry ProviderInfo.env_var (core/llm_providers.py) is a single string (GEMINI_API_KEY). When MissingApiKeyError.to_diagnostics() calls _derive_env_var_for_model (exceptions.py:521-528), a user with only GOOGLE_API_KEY set gets the misleading suggestion export GEMINI_API_KEY=....

Fix: extend ProviderInfo to env_vars: tuple[str, ...] and consolidate llm_config.PROVIDER_ENV_VARS into the registry. PR claims llm_providers.py is the single source of truth — this divergence weakens that claim.

2. Discriminators should be Literal[...], not str

The PR description claims typed Literal values for reason/kind/package, but exceptions.py:249, 319, 406, 462 define them as str with default values:

def __init__(self, ... reason: str = "unknown_name", ...): ...

to_diagnostics() consumers branch on equality (if self.reason == "missing_prefix" at :257) and use .get(self.kind, "...connection...") (:435). A typo at the raise site silently falls through to the default branch with wrong remediation, with no mypy signal.

Fix: tighten to Literal["unknown_name", "missing_prefix"], Literal["timeout", "rate_limit", "server_error", "connection"], etc. Trivial change, real safety.

3. Malformed LiteLLM responses bypass the typed exception system

llm_client.py:716, 722, 742 access raw_response.choices[0] and raw_response.usage directly inside _normalize. If LiteLLM returns an empty choices list or missing usage (e.g., LiteLLM bug, unusual provider response), this raises IndexError/AttributeError outside the except openai.OpenAIError: block at :311. The trace after_call event does not fire, and the runtime sees an unwrapped exception that escapes the seal contract.

Fix: wrap _normalize in a try/except that produces LLMResponseParseError(provider_message=str(exc)).

4. Missing regression test for the lazy-import contract

The PR's headline perf claim (~700ms saved on cold CLI) depends on litellm staying out of sys.modules for non-LLM CLI paths. There's no test pinning this. A 5-line subprocess test would catch a regression where someone does import litellm at module top:

def test_litellm_not_imported_for_validate(uv_exe, prepared_subprocess_env):
    result = subprocess.run([uv_exe, "run", "python", "-c",
        "import sys; from pflow.cli.main import main; "
        "assert 'litellm' not in sys.modules"],
        env=prepared_subprocess_env, capture_output=True)
    assert result.returncode == 0

This is the single biggest concrete coverage gap.

5. Missing test: LLM failure inside parallel-batch sub-workflow

tests/test_runtime/test_trace_integration.py:673-732 covers the success path for "parallel batch + sub-workflow + LLM" — the concurrency-safety bug class explicitly cited in the PR. The failure path (LLM raises during a parallel-batch sub-workflow) is untested. Given that the worker-thread _active_collectors bug was the original motivator for this redesign, the failure path under that exact configuration is the highest-value gap to close.

6. Process-wide LiteLLM logger silencing on every call

llm_client.py:307 sets logging.getLogger("LiteLLM").setLevel(logging.CRITICAL) inside complete(). Idempotent, but a process-wide side effect: any downstream tool that wants LiteLLM logs is suppressed once any pflow LLM call has run. Documented but worth flagging — consider doing it once at first import and noting it in the lazy-import block.

7. pyproject.toml: openai dep has no version floor

pyproject.toml:35 adds openai as a direct dep with no constraint. The adapter catches openai.OpenAIError — if openai ever restructures its exception hierarchy, the adapter breaks silently. uv.lock pins the resolved version today, but the intent should be encoded as a >= floor.

8. Auto-prefix rule is not user-documented

cli/commands/settings.py:458-476 auto-prefixes bare model names at write time and warns on unknown providers. The behavior is correct (azure/... short-circuits via "/" in model at llm_providers.py:57 — no double-prefix bug) but the rule is not documented in command help (set-default, set-discovery, set-filtering) or docs/. Add a one-liner under each set-* block.

9. Spike artifacts should be cleaned before merge

• scratchpads/task-158-spike/spike_4_output.txt is 1.5 MB / 13,042 lines of LiteLLM dependency dumps. Pure noise.
• Same file leaks a developer's macOS home path (/Users/andfal/.cache/uv/builds-v0/...) at lines 25 and 113.
• .taskmaster/tasks/task_158/research/phase-a-execution-guide.md:41-43 says spike scripts are "not committed" — they ARE committed. Either delete them or update the doc to match reality.

---

Suggestions — optional improvements

1. llm_reasoning_map.py:141 — max(min(int(base * ratio), 128000), 1024) has inline magic numbers. Extract MIN_THINKING_BUDGET = 1024 and MAX_THINKING_BUDGET = 128000 as module constants.
2. llm_client.py:642 — EFFORT_RATIOS.get(thinking_effort, 0.5) silently substitutes "medium-ish" for unknown effort strings. At least logger.warning would help when the Literal-typing fix above doesn't catch it.
3. llm_client.py:269 — schema response_format hardcodes "name": "response", "strict": True. Some providers may not support strict mode. Consider making it adapter-configurable if a provider rejects.
4. llm_client.py:532 — _extract_missing_package regex r"pip install ['\"]?([^'\";\s]+)['\"]?" will silently return None if LiteLLM changes the hint wording (e.g., pip3 install, uv pip install). The MissingSdkError is still raised, but with package=None — less actionable. Compile the regex at module level while at it.
5. llm_client.py:759 — isinstance(raw_cost, (int, float)) accepts bool (Python: isinstance(True, int) is True). Theoretical, not reachable from LiteLLM, but a smell.
6. Discriminator coverage — add an explicit assert exc_info.value.kind == "connection" to the bare-APIConnectionError seal-contract case in test_llm_client.py.
7. Drop mock_strip.assert_not_called() at tests/test_nodes/test_llm/test_llm.py:865-867 — testing internal dispatch shape, redundant with the type assertions on shared[\"response\"].
8. MockLLMClient.set_error() helper — would deduplicate ~6 test sites that monkeypatch pflow.nodes.llm.llm.complete with throw-closures.
9. CLAUDE.md L161-162: the "Never use the Explore agent" guidance is unrelated to this PR — should ideally be split into its own commit, but harmless as-is.

---

What works well (worth calling out)

• Trace seam redesign is structurally sound. The closure capture (workflow_trace.py:535-554) binds stable references; the explicit prep_res[\"_trace_hook\"] propagation across the worker boundary (llm.py:325-328, 402-408) makes the prior worker-thread bug structurally impossible. Save/restore in engine.run is unconditional via try/finally.
• Exception hierarchy quality. LLMCallError docstrings (exceptions.py:130-176) are above-average — explain the seam, deterministic vs transient split, and the provider_message rationale.
• Test discipline: test_executor_service_llm.py:154-219 is the right pattern — patches litellm.completion directly and asserts the raw provider text survives the full chain (5+ layers). Catches regressions any other layer would mask.
• Audit gap fix is complete: inject_settings_env_vars() covers all five entry points that reach complete() (run, find, mcp find, probe, mcp_server). Verified.
• uv.lock regen is clean: every added/removed package is attributable to the swap; no unrelated bumps to core deps.

---

Verdict

Ship after addressing the warnings (especially #1 GOOGLE_API_KEY alias, #2 Literal discriminators, #3 _normalize exception envelope, and #4–5 missing tests). The rest is cleanup and can land separately.