feat: model availability checker - probe before dispatch (t132.3)

[marcusquinn]

Summary

• New model-availability-helper.sh: Lightweight HTTP probes (~1-2s) to check provider health, API key validity, rate limits, and model availability before dispatch — replacing the slow CLI probe path (~8-15s that burns tokens)
• Supervisor integration: resolve_model() and check_model_health() now use the availability helper as a fast path, with the existing CLI probe retained as a slow-path fallback
• Test suite: 29 tests covering syntax, ShellCheck, help output, tier resolution, provider checks, cache invalidation, supervisor integration, and JSON output

Details

model-availability-helper.sh (~1150 lines)

• Commands: check, probe, status, rate-limits, resolve, invalidate, help
• SQLite cache at ~/.aidevops/.agent-workspace/model-availability.db (5min health TTL, 60s rate limit TTL)
• API key resolution: env vars → gopass → credentials.sh
• Probes provider /models endpoints (free, fast)
• Parses rate limit headers (Anthropic, OpenAI, Groq specific + generic)
• Tier-to-model resolution with automatic cross-provider fallback
• Exit codes: 0=available, 1=unavailable, 2=rate-limited, 3=key-invalid
• Bash 3.2-compatible (no associative arrays — macOS ships bash 3.2)
• ShellCheck clean (0 warnings)

Supervisor changes

• resolve_model(): Added availability-helper fast path before static defaults
• check_model_health(): Two-tier probe — fast HTTP path, slow CLI fallback

Design decisions

• Direct HTTP over CLI probes: Existing check_model_health() spawned a full opencode run session (~8-15s, burns tokens). New helper calls /models endpoints directly via curl (~1-2s, free)
• Bash 3.2 compatibility: Used case statement functions instead of declare -A associative arrays
• Two-tier fallback: New helper is fast path; old CLI probe kept as slow-path fallback for environments without the helper

Test results

Results: 29 total, 20 passed, 0 failed, 9 skipped

(9 skipped = tier resolution tests that require API keys, gracefully handled)

Smoke tests: 373 total, 309 passed, 0 failed — no regressions.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 51 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Feb 9 15:00:49 UTC 2026: Code review monitoring started
Mon Feb 9 15:00:50 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 51

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 51
• VULNERABILITIES: 0

Generated on: Mon Feb 9 15:00:52 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a model availability checker to proactively verify the health and availability of AI model providers before dispatching tasks. This enhancement reduces unnecessary token usage, improves task execution speed, and provides a more robust and reliable model selection process within the AI DevOps framework.

Highlights

• Model Availability Helper: Introduces a new model-availability-helper.sh script for lightweight HTTP probes to check provider health, API key validity, rate limits, and model availability before dispatch.
• Supervisor Integration: Integrates the availability helper into resolve_model() and check_model_health() in supervisor-helper.sh as a fast path, with the existing CLI probe retained as a slow-path fallback.
• Test Suite: Adds a comprehensive test suite with 29 tests covering various aspects of the availability helper, including syntax, ShellCheck, tier resolution, provider checks, cache invalidation, and supervisor integration.
• Performance Improvement: Replaces the slow CLI probe path (~8-15s) with faster HTTP probes (~1-2s) to reduce token consumption and improve response time.

Changelog

• .agents/scripts/model-availability-helper.sh
  • Added new script for probing model availability via HTTP.
• .agents/scripts/supervisor-helper.sh
  • Integrated model availability helper into resolve_model() for faster model resolution.
  • Implemented two-tier probe strategy in check_model_health() using the new helper as a fast path and retaining the CLI probe as a fallback.
• .agents/tools/context/model-routing.md
  • Added documentation for the new model availability checker.
• tests/test-model-availability.sh
  • Added a new test suite to validate the functionality of the model availability helper.

Activity

• A new model-availability-helper.sh script was added.
• The supervisor-helper.sh script was modified to integrate the new availability helper.
• A new test suite test-model-availability.sh was added to validate the new functionality.
• The model-routing.md file was updated to document the new availability checker.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant performance improvement by adding a model-availability-helper.sh script for fast, cached health checks, and integrating it into the supervisor. The implementation is thorough and includes a new test suite, which is excellent. My review has identified a critical security vulnerability (SQL injection) in the new helper script that must be addressed. I've also found a few high-severity issues related to argument parsing and test isolation, and a medium-severity issue concerning error handling. The overall architecture and integration with the existing supervisor logic are well-designed.

[gemini-code-assist]

This function is vulnerable to SQL injection. It constructs an SQL query by embedding variables directly into the string. This is unsafe and violates the repository style guide (line 25), which recommends parameterized queries. An attacker who can control variables like provider or status could execute arbitrary SQL. This vulnerability is present in most database interactions in this script.

_record_health() {
    local provider="$1"
    local status="$2"
    local http_code="$3"
    local duration_ms="$4"
    local error_msg="$5"
    local models_count="$6"

    sqlite3 "$AVAILABILITY_DB" >/dev/null 2>&1 <<EOF || true
PRAGMA busy_timeout=5000;
.parameter set @provider "$provider"
.parameter set @status "$status"
.parameter set @http_code $http_code
.parameter set @duration_ms $duration_ms
.parameter set @error_msg "$error_msg"
.parameter set @models_count $models_count
.parameter set @ttl $DEFAULT_HEALTH_TTL
INSERT INTO provider_health (provider, status, http_code, response_ms, error_message, models_count, checked_at, ttl_seconds)
VALUES (@provider, @status, @http_code, @duration_ms, @error_msg, @models_count, strftime('%Y-%m-%dT%H:%M:%SZ', 'now'), @ttl)
ON CONFLICT(provider) DO UPDATE SET
    status = excluded.status,
    http_code = excluded.http_code,
    response_ms = excluded.response_ms,
    error_message = excluded.error_message,
    models_count = excluded.models_count,
    checked_at = excluded.checked_at,
    ttl_seconds = excluded.ttl_seconds;
EOF
    return 0
}

References

1. Use parameterized queries to prevent SQL injection. ^(link)

[gemini-code-assist]

The test script tests/test-model-availability.sh attempts to override the database path for testing via the AVAILABILITY_DB_OVERRIDE environment variable. However, this script does not respect that variable, causing the tests to run against the production database (~/.aidevops/.agent-workspace/model-availability.db). This can lead to test flakiness and pollution of the real cache.

Suggested change

	readonly AVAILABILITY_DB="${AVAILABILITY_DIR}/model-availability.db"
	readonly AVAILABILITY_DB="${AVAILABILITY_DB_OVERRIDE:-${AVAILABILITY_DIR}/model-availability.db}"

[gemini-code-assist]

The argument parsing for --ttl is unsafe. shift 2 is called without checking if a value for the option was provided. If a user runs the command with --ttl as the last argument, set -e will cause the script to fail.

Suggested change

	--ttl) custom_ttl="${2:-}"; shift 2 ;;
	--ttl)
	if [[ -z "${2:-}" ]]; then
	print_error "Error: --ttl option requires an argument."
	return 1
	fi
	custom_ttl="$2"; shift 2 ;;

[gemini-code-assist]

The db_query and db_query_json functions suppress all stderr output from sqlite3 using 2>/dev/null. This can hide important errors (e.g., SQL syntax errors, file permissions issues) and makes debugging difficult. This goes against the style guide's recommendation (line 50) to avoid blanket error suppression.

Suggested change

	db_query() {
	local query="$1"
	sqlite3 -cmd ".timeout 5000" "$AVAILABILITY_DB" "$query" 2>/dev/null
	return $?
	}
	db_query_json() {
	local query="$1"
	sqlite3 -cmd ".timeout 5000" -json "$AVAILABILITY_DB" "$query" 2>/dev/null
	return $?
	}
	db_query() {
	local query="$1"
	sqlite3 -cmd ".timeout 5000" "$AVAILABILITY_DB" "$query"
	return $?
	}
	db_query_json() {
	local query="$1"
	sqlite3 -cmd ".timeout 5000" -json "$AVAILABILITY_DB" "$query"
	return $?
	}

References

1. Avoid blanket error suppression. ^(link)